The SSH daemon (sshd) cannot bind to port 22 because another process is already using it, or a previous sshd instance hasn't fully released the port. This error specifically indicates an IPv6 binding conflict (the :: address) and occurs during server startup.
When sshd starts, it attempts to bind to configured listening ports. If a port is already in use by another process, or if a previous instance of sshd hasn't completely terminated and released the socket (which can take 60 seconds due to TIME_WAIT state), the startup fails. The :: notation represents the IPv6 unspecified address, indicating this particular binding attempt is for IPv6 on port 22. This error prevents the SSH daemon from starting, making remote access via SSH impossible.
Use one of these commands to identify what's bound to port 22:
sudo lsof -i :22
# or
sudo netstat -tulpn | grep :22
# or (modern systems)
sudo ss -tulpn | grep :22Output will show the process name and PID. If you see sshd, note the PID for the next step.
If multiple sshd instances are running, stop them with:
sudo systemctl stop sshd
# or on some systems
sudo systemctl stop ssh
# Force kill any remaining processes (be careful!)
sudo killall sshdWait 10-15 seconds for TIME_WAIT state to clear, then proceed to restart.
On systems using systemd socket activation, the ssh.socket might be competing with sshd for the port. Check if this is active:
sudo systemctl status ssh.socket
sudo systemctl status sshd.socketIf active, disable it:
sudo systemctl stop ssh.socket
sudo systemctl disable ssh.socket
sudo systemctl stop sshd.socket
sudo systemctl disable sshd.socketThen restart just the service:
sudo systemctl restart sshd
# or
sudo systemctl restart sshCheck your SSH configuration for duplicate or conflicting listen addresses:
sudo grep -n ListenAddress /etc/ssh/sshd_configCommon configurations:
- Listen on both IPv4 and IPv6 (default):
ListenAddress 0.0.0.0
ListenAddress ::- Listen on IPv4 only:
ListenAddress 0.0.0.0
# Comment out: # ListenAddress ::- Listen on IPv6 only:
ListenAddress ::
# Comment out: # ListenAddress 0.0.0.0If you have conflicting entries or custom ports, ensure they're consistent. After editing, validate with:
sudo sshd -tAfter making changes, restart the SSH service:
sudo systemctl restart sshdCheck that it started successfully:
sudo systemctl status sshdVerify the port is listening:
sudo ss -tulpn | grep :22You should see sshd listening on both 0.0.0.0:22 (IPv4) and [::]:22 (IPv6), or whichever you configured.
Test SSH connectivity from another machine:
ssh -v [email protected]The -v flag shows verbose output if there are any issues. If connection succeeds, the error is resolved.
For local testing without a second machine:
ssh localhostAdvanced troubleshooting:
IPv6 Socket Behavior: On most Linux systems, if you bind to :: (IPv6 unspecified address) without the IPV6_V6ONLY socket option set, the IPv6 socket will also accept IPv4 connections. Check with cat /proc/sys/net/ipv6/conf/default/bindv6only (value 1 means IPv6-only, 0 means dual-stack). This should not normally cause conflicts, but can be an issue in edge cases.
TIME_WAIT and SO_REUSEADDR: Normally, the kernel holds a socket in TIME_WAIT state for 60 seconds after closure to prevent port reuse confusion. You can force sshd to reuse the port by setting SO_REUSEADDR, which modern OpenSSH does by default. If you're still getting errors after systemctl stop, wait 60+ seconds or restart the entire system.
Non-standard Ports: If you need to run SSH on a non-standard port (e.g., 2222), change the Port directive in sshd_config instead of using ListenAddress. Some cloud platforms or firewalls may block non-standard SSH ports.
Container/VM Specific: In Docker containers or VMs, the error might indicate the parent host already has sshd on port 22. Verify which port you're actually exposing. In Docker: use -p 2222:22 to expose the container's port 22 as 2222 on the host.
Debugging: Run sshd in debug mode before fully restarting:
sudo sshd -D -dThis runs sshd in foreground with debug output, showing exactly where it fails to bind.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
How to fix SSH man-in-the-middle attack warning in SSH
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
How to fix "WARNING: UNPROTECTED PRIVATE KEY FILE!" in SSH
sign_and_send_pubkey: no mutual signature supported
How to fix "sign_and_send_pubkey: no mutual signature supported" in SSH
Bad owner or permissions on /home/user/.ssh/known_hosts
How to fix "Bad owner or permissions on known_hosts" in SSH
It is required that your private key files are NOT accessible by others.
How to fix "private key files are NOT accessible by others" in SSH