Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP

This issue started just after upgrading to macOS Catalina 10.15.4.


After that update I am no longer able to open a SSH connection to a port greater than 8192 using server name (instead of IP). Yes, I do change the port on the server side prior to every test.


Earlier this command worked just fine:


ssh username@servername -p 10022 -v


Now in debug the last row is:


debug1: Connecting to username@server port 10022.


And then nothing. SSH command gets stuck and ctrl-c kills it.


However, this DOES work (of course assuming I have changed SSH port on the server to 1022).


ssh username@servername -p 1022 -v


Also, it does work if I use IP address instead of name like so:


ssh username@192.168.0.123 -p 10022 -v


I have verified that:

  1. This happens on 4 unrelated Macs running 10.15.4.
  2. It does NOT occur on two other Macs running earlier OSes
  3. It did NOT occur on 10.15.3
  4. The problem occurs regardless of the target server (local network or outside)
  5. I have disabled Mac Firewall and Little Snitch (Little Snitch is installed in only one of the affected machines).


Can anybody figure out a reason why this happens? I'd really like to use server name instead of the IP address.

iMac Line (2012 and Later)

Posted on

Reply
Question marked as Helpful

Apr 20, 2020 5:23 AM in response to Anomuumi In response to Anomuumi

This "resolved" the problem for me:


Either adjust your ssh command and add the ConnectTimeout parameter, setting it to 5:

ssh someuser@somehost -oConnectTimeout=5 -p somehighportnumber


OR


Edit /etc/ssh/ssh_config

sudo vi /etc/ssh/ssh_config

and remove the "#" in front of ConnectTimeout parameter + set its value to 5

ConnectTimeout 5


Note: after I changed my config file a month or two ago, today probably an update reverted it back to default breaking my ssh connectivity again. After spending too much time searching for what my solution was previously, I decided to share it here so I can find it back again :-)

There’s more to the conversation

Read all replies

Mar 29, 2020 2:07 PM in response to Anomuumi In response to Anomuumi

Anomuumi Said:

[...]Can anybody figure out a reason why this happens? I'd really like to use server name instead of the IP address.

———-


  • Compatibility with Software:

This is a security update. So, contact the manufacturer of the server. Its probably a compatibility issue - a flaw yet to be fixed in the software.


  • Restore the Mac, Using Time Machine:

Did you back up your Mac prior to the upgrade? If so, recover your Mac from it. Always back up your Mac when making major changes (such as installing a update).


  • Contact the Network Administrator:

Talk to the Administrator of your network, to be certain that all is configured correctly on your Mac.


  • Create a New Administrator User:

See if creating a new Administrator user makes this issue go away. If so, it’s something misconfigured in your current user. So, if this ends up being the case, then rid of your current user and use the new user instead. But, create a Time Machine backup, just instead.


  • Rid of Security Software:

Just curious: Any Security Software installed? If so, Firewall settings are getting in the way. So, rid of it. It’s unnecessary on a Mac and it just gets in the way — and this is a pure example of how.

Mar 29, 2020 2:07 PM

Reply Helpful

Mar 29, 2020 2:21 PM in response to TheLittles In response to TheLittles

Thank you for your answer.


This happens at least with three different servers that I'm trying to reach, running different platforms. The only common thing is Catalina 10.15.4. Yes, it probably is a compatibility issue - or rather, a bug in 10.15.4. I'd like to know if other people experience it as well.


Yes, I do have a backup. But I'd rather not downgrade. I'm trying to find a reason and to understand why this happens. As a workaround, using the IP address instead of the server name is workable, but I'd really like to understand why this happens.


I am the network administrator (it's a home network, haven't been able to test elsewhere yet). Will do that when I get my laptop back to test with.


I have created a new admin user on two different machines, and the same issue occurs. I have not (yet) tried to do a clean install to verify that this happens there as well.


I do not have any security software installed on any of the affected machines. Not even Apple's firewall is on because these machines are always on the intranet, without access from external network.

Mar 29, 2020 2:21 PM

Reply Helpful (1)

Mar 30, 2020 7:11 AM in response to Anomuumi In response to Anomuumi

I'm having this same problem after the update. In my case it's connecting correctly when using the default port but is not working with a custom port (4623).

Good to know that at least I can connect using the IP address. I can use this as a fallback until this bug is solved...



Mar 30, 2020 7:11 AM

Reply Helpful

Mar 31, 2020 3:46 PM in response to webdeck3 In response to webdeck3

I'm having this issue but worse.


I can't even connect to github or any of my AWS EC2 instances even on port 22.


ssh: connect to host github.com port 22: Host is down


ssh: connect to host ec2-**-***-***-***.us-east-2.compute.amazonaws.com port 22: Host is down


The only thing that has changed is I updated to `10.15.4`


Nevermind... of course a restart solved it


Mar 31, 2020 3:46 PM

Reply Helpful (1)

Apr 2, 2020 2:44 AM in response to Anomuumi In response to Anomuumi

I don't have this problem. I connect to port 34564 by a servername and SSH works as good as it worked before the update to 10.15.4. I tried 3 different servers.


I switched from bash to zsh far before the update. My hardware is MacBook Pro 15" 2015. Maybe it matters.

Apr 2, 2020 2:44 AM

Reply Helpful

Apr 2, 2020 8:02 AM in response to Anomuumi In response to Anomuumi

Confirmed the same thing happening for me. Fresh install of Catalina (10.15.4) ssh just hangs when I attempt to hit a non-standard port with hostname.


mini:~ $ ssh -V

OpenSSH_8.1p1, LibreSSL 2.7.3


mini:~ $ ssh -v -p 55022 user@host.domain.com

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to host.domain.com port 55022.


Just hangs from there, eventually times out.

Apr 2, 2020 8:02 AM

Reply Helpful

Apr 2, 2020 8:58 AM in response to Anomuumi In response to Anomuumi

Anomuumi Said:

"Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP"

-------


Provide Apple Feedback on this:

This seems to be catching on quite quick. Apple barely reads these forums as it is, on their own time. So, please report this, so they can be wary of it. Be sure to include a link to this forum in the feedback box: https://discussions.apple.com/thread/251226509


How to Provide Apple this Feedback:

  1. Go Here: Feedback - macOS - Apple
  2. Select: "Bug Report" for the "Feedback Type"
  3. Proceed from there as necessary.

Apr 2, 2020 8:58 AM

Reply Helpful

Apr 4, 2020 10:17 AM in response to TheLittles In response to TheLittles

Same issue:


(base) ~ % ssh -v abc

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /Users/xxx/.ssh/config

debug1: /Users/xxx/.ssh/config line 1: Applying options for abc

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to yyy port 50.


hangs

Apr 4, 2020 10:17 AM

Reply Helpful

Apr 13, 2020 5:32 PM in response to Anomuumi In response to Anomuumi

I'm facing the same issue on macOS Catalina 10.15.4.


juanhao@MacBook ~ % ssh -vvvv root@server127 -p 5520

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /Users/juanhao/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to server127 port 5520.

Apr 13, 2020 5:32 PM

Reply Helpful
Question marked as Helpful

Apr 20, 2020 5:23 AM in response to Anomuumi In response to Anomuumi

This "resolved" the problem for me:


Either adjust your ssh command and add the ConnectTimeout parameter, setting it to 5:

ssh someuser@somehost -oConnectTimeout=5 -p somehighportnumber


OR


Edit /etc/ssh/ssh_config

sudo vi /etc/ssh/ssh_config

and remove the "#" in front of ConnectTimeout parameter + set its value to 5

ConnectTimeout 5


Note: after I changed my config file a month or two ago, today probably an update reverted it back to default breaking my ssh connectivity again. After spending too much time searching for what my solution was previously, I decided to share it here so I can find it back again :-)

Apr 20, 2020 5:23 AM

Reply Helpful (1)

Apr 20, 2020 9:14 AM in response to ErwinBNL In response to ErwinBNL

Cool! This indeed works.


Note, that you can put the .ssh settings in your user's own setting file. I believe that file will not be overwritten when doing an update.


nano ~/.ssh/config 


My file looks like:


Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
  ConnectTimeout 5

Apr 20, 2020 9:14 AM

Reply Helpful
User profile for user: Anomuumi

Question: Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP