This error occurs when SSH (client or daemon) tries to bind to a port that is already in use by another process or service. Fix it by finding the conflicting process and either terminating it, changing the SSH port, or waiting for socket cleanup.
The "bind: Address already in use" error means SSH (either the sshd daemon or an SSH client with port forwarding) attempted to bind to a network port and failed because another process already holds that port. On the server side, this typically happens when sshd tries to start but the SSH port (default 22) is already occupied by another SSH daemon instance, a container, or a conflicting service. On the client side, this error appears when using SSH local port forwarding (-L flag) and the local port you specified is already bound by another application. The error indicates a port conflict that prevents SSH from listening on or forwarding through the requested address and port. This is a socket-level error from the operating system, meaning the kernel cannot allocate the requested port to SSH.
Use lsof or netstat to find which process is bound to the port. For SSH default port 22:
# Using lsof (shows process name and PID)
sudo lsof -i :22
# Using netstat (older systems)
sudo netstat -tulpn | grep :22
# Using ss (modern replacement for netstat)
sudo ss -tulpn | grep :22The output will show the process name, PID, and which address/port is bound. For example:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 123 root 3u IPv4 12345 0t0 TCP *:22 (LISTEN)
sshd 456 root 4u IPv6 12346 0t0 TCP *:22 (LISTEN)If you see multiple sshd processes, you may have duplicate instances. If you see a different service name, that service is conflicting with SSH.
Once you identify the conflicting process, stop it gracefully first, then forcefully if needed.
For a duplicate SSH daemon:
# Find all sshd processes
ps aux | grep sshd
# Kill the extra instance by PID (keep the one with lowest PID, usually the parent)
sudo kill -TERM <PID>
# Force kill if it doesn't respond
sudo kill -9 <PID>For a systemd service:
# Stop the conflicting service (if known)
sudo systemctl stop <service-name>
# Or stop all SSH services
sudo systemctl stop ssh ssh.socket sshd sshd.socketFor other services like telnet or dropbear, identify and stop them similarly:
sudo systemctl stop telnet
sudo systemctl stop dropbearAfter stopping the process, verify it's gone:
sudo lsof -i :22Once the port is free, restart the SSH daemon:
# On systemd systems
sudo systemctl restart ssh
# or
sudo systemctl restart sshd
# On older init systems
sudo service ssh restart
# or
sudo /etc/init.d/ssh restartVerify that SSH is now running and listening:
sudo lsof -i :22
sudo netstat -tulpn | grep :22If SSH starts successfully, you should see the sshd process bound to port 22.
If the port shows in TIME_WAIT state even after killing all processes, the OS is holding the port closed for a short period to ensure no stray packets arrive. You have two options:
Option 1: Wait 60-120 seconds for TIME_WAIT to expire:
# Check the state
sudo netstat -tulpn | grep :22
# The port will show as TIME_WAIT
tcp 0 0 0.0.0.0:22 0.0.0.0:* TIME_WAIT
# Wait and try again
sleep 120
sudo systemctl start sshOption 2: Enable socket reuse to avoid TIME_WAIT delays (permanent):
# Edit sshd_config to use SO_REUSEADDR
sudo nano /etc/ssh/sshd_config
# Add or uncomment this line:
# AddressFamily any
# Then restart
sudo systemctl restart sshOr enable it system-wide (affects all applications):
# Temporary (until reboot)
sudo sysctl -w net.ipv4.tcp_tw_reuse=1
# Permanent (add to /etc/sysctl.conf)
echo "net.ipv4.tcp_tw_reuse = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -pIf you cannot free up port 22 or prefer not to wait, configure SSH to use a different port:
# Edit the SSH daemon config
sudo nano /etc/ssh/sshd_config
# Find the line that says "Port 22" and change it
Port 2222
# Save (Ctrl+X, Y, Enter)Then restart SSH:
sudo systemctl restart sshVerify it's listening on the new port:
sudo lsof -i :2222Now clients must connect using the new port:
ssh -p 2222 user@hostnameThis is useful if port 22 is needed by another service permanently.
Some systems have dual-stack IPv4 and IPv6 listening causing conflicts. Check sshd_config for ListenAddress:
sudo grep "ListenAddress" /etc/ssh/sshd_configIf you see both IPv4 and IPv6 addresses for port 22, ensure they don't conflict:
sudo nano /etc/ssh/sshd_config
# Use one of these patterns:
# Option 1: Listen on all addresses (default)
Port 22
# (Remove any ListenAddress lines)
# Option 2: Listen only on IPv4
Port 22
ListenAddress 0.0.0.0
# Option 3: Listen only on IPv6
Port 22
ListenAddress ::
# Option 4: Listen on specific IPs
Port 22
ListenAddress 192.168.1.100
ListenAddress 2001:db8::1After editing:
sudo systemctl restart ssh
sudo ss -tulpn | grep :22For container environments (Docker, Kubernetes), this error often means the host or container already has sshd running or the container port mapping conflicts with an existing host process. In Docker, ensure your container doesn't start multiple SSH daemons and verify the port mapping (-p flag) doesn't conflict. For Kubernetes, check that multiple pod instances aren't trying to claim the same hostPort. In systemd environments, socket activation (sshd.socket vs direct sshd) can cause conflicts if both are enabled—disable one and use the other. For SSH port forwarding specifically (ssh -L), the error means the local port is already bound, so choose an unused port. Use 'netstat -an | grep LISTEN' to see all occupied ports on your system.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH