Hi - I just bought a xen VPS and am running CentOS 5 on it (updated to 5.2). With all my personal machines sitting at home behind a router with all ports (except for BitTorrent) closed - I had forgotten how frequent brute force ssh attacks are, but within a day, the log was loaded with them. So I did two things - I installed and configured pam_abl and I moved the ssh port to 1294 ( a > 1024 number that means something to me so easy to remember) and then blocked port 22 in iptables. Interestingly - after installing pam_able before I configured and restarted sshd, pam_able was already building a database of hosts - the attacks were that frequent. Nothing after restarting sshd on the new port though, at least so far. Anyway - while the server is working on the new port and I can connect, I noticed this error: Oct 4 09:01:25 li34-4 sshd[2305]: Server listening on :: port 1294. Oct 4 09:01:25 li34-4 sshd[2305]: error: Bind to port 1294 on 0.0.0.0 failed: Address already in use. Is that caused by a mis-configuration on my part? The only change I made to sshd was the Port directive (root login was already disabled in the xen image I started from) It looks like it is listening on the port and then trying to bind to the port a second time. Is that from having two IPs on the same nic (eth0 and eth0:1) ?