SSHD does not start

untamed · January 8, 2008, 6:17am

I installed OpenSSH on AIX 5.1 but when I try to start it, it says:

bash-2.05a# /usr/sbin/sshd
bash-2.05a#
bash-2.05a# tail /var/adm/syslog.out
Jan  8 11:52:22 xyz sshd[1368252]: fatal: Cannot bind any address.

frank_rizzo · January 8, 2008, 6:34am

Do you have any network interfaces up?

ifconfig -au

Can you run the server in debug mode? ie: /path/to/sshd -D -d -e

untamed · January 8, 2008, 6:46am

Yep, the network on this machine is already configured:

bash-2.05a# ifconfig -au
en0: flags=4e080863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,PSEG>
        inet 192.168.2.7 netmask 0xffffff00 broadcast 192.168.2.255
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1/0
         tcp_sendspace 65536 tcp_recvspace 65536

This is the output of the debug mode:

bash-2.05a# which sshd
/usr/sbin/sshd
bash-2.05a# /usr/sbin/sshd -D -d -e
debug1: sshd version OpenSSH_4.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-e'
getnameinfo failed: Invalid argument
getnameinfo failed: Invalid argument
Cannot bind any address.

frank_rizzo · January 8, 2008, 6:49am

what is the oslevel?

untamed · January 8, 2008, 6:56am

bash-2.05a# oslevel
5.1.0.0

Neo · January 8, 2008, 7:41am

You have a DNS problem (host name, IP address, name-IP resolution), it seems.

frank_rizzo · January 8, 2008, 8:12am

what ML are you at? It looks like your hitting a bug. Check out OpenSSH 4.1p1 sshd won't start on AIX 5.1 - LinuxQuestions.org

untamed · January 8, 2008, 9:02am

I don't think so...

bash-2.05a# ping www.google.it
PING www.l.google.com: (216.239.59.104): 56 data bytes
64 bytes from 216.239.59.104: icmp_seq=0 ttl=241 time=94 ms
64 bytes from 216.239.59.104: icmp_seq=1 ttl=241 time=45 ms
^C
----www.l.google.com PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 45/69/94 ms

Could it be really a bug...? Have I to upgrade th ML?

bash-2.05a# oslevel -r
5100-02

Neo · January 8, 2008, 9:06am

Pinging a remote host does not show that your own DNS name services on the host you are using are configured correctly.

You have to ping yourself

untamed · January 8, 2008, 9:09am

bash-2.05a# ping localhost
PING localhost: (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0 ms
^C
----localhost PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms

Neo · January 8, 2008, 9:17am

Pinging localhost does not test a DNS issue. Localhost does not use DNS.

You have to ping your fully qualified host name and your hostname without the domain name. etc.

untamed · January 8, 2008, 9:26am

:o

bash-2.05a# hostname
xyz.abcd.com

bash-2.05a# ping xyz
PING xyz.abcd.com: (192.168.2.7): 56 data bytes
64 bytes from 192.168.2.7: icmp_seq=0 ttl=255 time=0 ms
64 bytes from 192.168.2.7: icmp_seq=1 ttl=255 time=0 ms
64 bytes from 192.168.2.7: icmp_seq=2 ttl=255 time=0 ms
^C
----xyz.abcd.com PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms

Neo · January 8, 2008, 9:35am

You cannot check getnameinfo (your error) by pinging with your hostname, now that I look into this further.

pSeries and AIX Information Center

You need to do an nslookup on your IP address and see if the reverse lookup (IP address to name) is working.

Neo · January 8, 2008, 9:42am

Also see:

RETURN VALUE
A zero return value for getnameinfo() indicates successful completion; a non-zero return value indicates failure. The possible values for the failures are listed in the ERRORS section.

Upon successful completion, getnameinfo() shall return the node and service names, if requested, in the buffers provided. The returned names are always null-terminated strings.

ERRORS
The getnameinfo() function shall fail and return the corresponding value if:

[EAI_AGAIN] 
The name could not be resolved at this time. Future attempts may succeed. 
[EAI_BADFLAGS] 
The flags had an invalid value. 
[EAI_FAIL] 
A non-recoverable error occurred. 
[EAI_FAMILY] 
The address family was not recognized or the address length was invalid for the specified family. 
[EAI_MEMORY] 
There was a memory allocation failure. 
[EAI_NONAME] 
The name does not resolve for the supplied parameters. 
NI_NAMEREQD is set and the host's name cannot be located, or both nodename and servname were null.

[EAI_OVERFLOW] 
An argument buffer overflowed. The buffer pointed to by the node argument or the service argument was too small. 
[EAI_SYSTEM] 
A system error occurred. The error code can be found in errno.

Reference:

getnameinfo

untamed · January 8, 2008, 9:48am

bash-2.05a# nslookup
Default Server:  dns1.abcd.com
Address:  172.16.0.3

> 192.168.2.7
Server:  dns1.abcd.com
Address:  172.16.0.3

Name:    xyz.abcd.com
Address:  192.168.2.7

> exit

Neo · January 8, 2008, 9:53am

It seems you might have the "AIX getnameinfo" bug that is discussed in Google searches on AIX getnameinfo, as frank_rizzo mentioned earlier.

untamed · January 8, 2008, 10:19am

So the only way is upgrade my ML?

Neo · January 8, 2008, 10:25am

I don't know if it is the "only way" but it seems like the logical best next step, considering all the good troubleshooting you have done and the available info on the net.....

Neo · January 8, 2008, 10:27am

For example, see this post:

archive.netbsd.se

You could try to recompile:

frank_rizzo · January 8, 2008, 6:29pm

you should really upgrade anyways. 5.1 is pretty old and probably unsupported.