Package: openssh-server Version: 1:9.2p1-2+deb12u2 Severity: important Tags: ipv6 X-Debbugs-Cc: b...@rptbgd.firenzee.com
Dear Maintainer, I configured SSH with a static IPv6 ListenAddress. During bootup, SSH tries to start before the IPv6 address has been fully bound to the host (ie during duplicate address detection) This results in SSH failing to start with "Cannot bind any address" and a return code of 255. The systemd unit file for ssh contains "RestartPreventExitStatus=255" which causes it to give up when it encounters this error. In a cloud environment this is a critical failure as it renders the host inaccessible. The same thing occurs if the static IPv6 address is assigned a different way (eg via SLAAC or DHCPv6) If you remove this line, systemd tries again and succeeds once the address has been bound to the host. I generally also add "StartSec=15s" to prevent it trying too frequently. This manual change is not persistent, as it gets overwritten next time you update the package. -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-10-cloud-amd64 (SMP w/2 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser 3.134 ii debconf [debconf-2.0] 1.5.82 ii init-system-helpers 1.65.2 ii libaudit1 1:3.0.9-1 ii libc6 2.36-9+deb12u4 ii libcom-err2 1.47.0-2 ii libcrypt1 1:4.4.33-2 ii libgssapi-krb5-2 1.20.1-2+deb12u1 ii libkrb5-3 1.20.1-2+deb12u1 ii libpam-modules 1.5.2-6+deb12u1 ii libpam-runtime 1.5.2-6+deb12u1 ii libpam0g 1.5.2-6+deb12u1 ii libselinux1 3.4-1+b6 ii libssl3 3.0.11-1~deb12u2 ii libsystemd0 252.22-1~deb12u1 ii libwrap0 7.6.q-32 ii openssh-client 1:9.2p1-2+deb12u2 ii openssh-sftp-server 1:9.2p1-2+deb12u2 ii procps 2:4.0.2-3 ii runit-helper 2.15.2 ii sysvinit-utils [lsb-base] 3.06-4 ii ucf 3.0043+nmu1 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 252.22-1~deb12u1 pn ncurses-term <none> pn xauth <none> Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: openssh-server/permit-root-login: true openssh-server/password-authentication: false