Package: openssh-server
Version: 1:5.5p1-4
Severity: normal

The OpenSSH server exits with a fatal error if the ListenAddress is not available for binding. In my use-case (ssh between my phone and laptop using Ethernet over USB) I need SSH to be always running and bind to the appropriate address as new interfaces become available and de-bind as they disappear. I don't want SSH exposed to the WiFi and Ethernet interfaces on my laptop so I use ListenAddress in sshd_config, the reject option in dhclient.conf and a static IP on the USB connection so that rogue networks can't get in on SSH.

Probably the best solution to this is to split ListenAddress add an AllowListenAddress and rename ListenAddress to RequireListenAddress.

pabs@chianamo:~$ ifconfig usb0
usb0: error fetching interface information: Device not found
pabs@chianamo:~$ pgrep sshd
pabs@chianamo:~$ grep ^Listen /etc/ssh/sshd_config
ListenAddress 192.168.0.200
pabs@chianamo:~$ sudo /etc/init.d/ssh start
Starting OpenBSD Secure Shell server: sshd.
pabs@chianamo:~$ pgrep sshd
pabs@chianamo:~$ sudo grep sshd /var/log/auth.log
Jul 27 09:36:03 chianamo sshd[8050]: error: Bind to port 2222 on 192.168.0.200 failed: Cannot assign requested address.
Jul 27 09:36:03 chianamo sshd[8050]: fatal: Cannot bind any address.
Jul 27 09:36:44 chianamo sudo: pabs : TTY=pts/1 ; PWD=/home/pabs ; USER=root ; COMMAND=/bin/grep sshd /var/log/auth.log

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                1.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.33            Debian configuration management sy
ii  dpkg                   1.15.7.2          Debian package management system
ii  libc6                  2.11.2-2          Embedded GNU C Library: Shared lib
ii  libcomerr2             1.41.12-2         common error description library
ii  libgssapi-krb5-2       1.8.1+dfsg-5      MIT Kerberos runtime libraries - k
ii  libkrb5-3              1.8.1+dfsg-5      MIT Kerberos runtime libraries
ii  libpam-modules         1.1.1-3           Pluggable Authentication Modules f
ii  libpam-runtime         1.1.1-3           Runtime support for the PAM librar
ii  libpam0g               1.1.1-3           Pluggable Authentication Modules l
ii  libselinux1            2.0.94-1          SELinux runtime shared libraries
ii  libssl0.9.8            0.9.8o-1          SSL shared libraries
ii  libwrap0               7.6.q-19          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-23.1          Linux Standard Base 3.2 init scrip
ii  openssh-blacklist      0.4.1             list of default blacklisted OpenSS
ii  openssh-client         1:5.5p1-4         secure shell (SSH) client, for sec
ii  procps                 1:3.2.8-9         /proc file system utilities
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra  0.4.1      list of non-default blacklisted Op
ii  xauth                    1:1.0.4-1  X authentication utility

Versions of packages openssh-server suggests:
ii  ssh-askpass  1:1.2.4.1-9  under X, asks user for a passphras

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:

--
bye,
pabs

http://wiki.debian.org/PaulWise
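A pre-start check for the failure shown in this report, added here as an example and not part of the original message or of OpenSSH: it lists the ListenAddress values in an sshd_config that are not currently assigned to any local interface, which is the condition behind "Cannot assign requested address". The function names, the sample config and the sample interface state are constructed for illustration; local_addresses assumes Linux `ip` from iproute2, and hostnames given to ListenAddress are not resolved.

```shell
#!/bin/sh
# Added example (not from the bug report): find ListenAddress entries that
# sshd would fail to bind because no local interface carries them.

# listen_addresses FILE: print the address part of each ListenAddress line.
# Handles "addr", "addr:port" and "[v6addr]:port"; commented lines are skipped.
listen_addresses() {
    awk 'tolower($1) == "listenaddress" {
        a = $2
        if (a ~ /^\[/) { sub(/^\[/, "", a); sub(/\].*$/, "", a) }  # [v6]:port
        else if (a ~ /^[^:]*:[0-9]+$/) { sub(/:[0-9]+$/, "", a) }  # v4:port
        print a
    }' "$1"
}

# local_addresses: addresses assigned right now, one per line (Linux only).
local_addresses() {
    ip -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# missing_listen_addresses FILE ASSIGNED: print configured addresses absent
# from ASSIGNED (newline-separated). Wildcard addresses can always be bound.
missing_listen_addresses() {
    listen_addresses "$1" | while read -r addr; do
        case "$addr" in 0.0.0.0|::) continue ;; esac
        printf '%s\n' "$2" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# demo: constructed config (the report's ListenAddress plus loopback entries)
# checked against a constructed interface state where usb0 does not exist.
demo() {
    cfg=$(mktemp)
    printf '%s\n' 'Port 2222' '#ListenAddress 0.0.0.0' \
        'ListenAddress 192.168.0.200' 'ListenAddress 127.0.0.1:2222' \
        'ListenAddress [::1]:2222' > "$cfg"
    missing_listen_addresses "$cfg" "$(printf '127.0.0.1\n::1')"
    rm -f "$cfg"
}

demo
```

On a live system the same check is `missing_listen_addresses /etc/ssh/sshd_config "$(local_addresses)"`; empty output means every configured address is present.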