You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP

This issue started just after upgrading to macOS Catalina 10.15.4.


After that update I am no longer able to open a SSH connection to a port greater than 8192 using server name (instead of IP). Yes, I do change the port on the server side prior to every test.


Earlier this command worked just fine:


ssh username@servername -p 10022 -v


Now in debug the last row is:


debug1: Connecting to username@server port 10022.


And then nothing. SSH command gets stuck and ctrl-c kills it.


However, this DOES work (of course assuming I have changed SSH port on the server to 1022).


ssh username@servername -p 1022 -v


Also, it does work if I use IP address instead of name like so:


ssh username@192.168.0.123 -p 10022 -v


I have verified that:

  1. This happens on 4 unrelated Macs running 10.15.4.
  2. It does NOT occur on two other Macs running earlier OSes
  3. It did NOT occur on 10.15.3
  4. The problem occurs regardless of the target server (local network or outside)
  5. I have disabled Mac Firewall and Little Snitch (Little Snitch is installed in only one of the affected machines).


Can anybody figure out a reason why this happens? I'd really like to use server name instead of the IP address.

iMac Line (2012 and Later)

Posted on Mar 29, 2020 1:36 PM

Reply
14 replies

Apr 2, 2020 8:58 AM in response to Anomuumi

Anomuumi Said:

"Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP"

-------


Provide Apple Feedback on this:

This seems to be catching on quite quick. Apple barely reads these forums as it is, on their own time. So, please report this, so they can be wary of it. Be sure to include a link to this forum in the feedback box: https://discussions.apple.com/thread/251226509


How to Provide Apple this Feedback:

  1. Go Here: Feedback - macOS - Apple
  2. Select: "Bug Report" for the "Feedback Type"
  3. Proceed from there as necessary.

Mar 29, 2020 2:07 PM in response to Anomuumi

Anomuumi Said:

[...]Can anybody figure out a reason why this happens? I'd really like to use server name instead of the IP address.

———-


  • Compatibility with Software:

This is a security update. So, contact the manufacturer of the server. Its probably a compatibility issue - a flaw yet to be fixed in the software.


  • Restore the Mac, Using Time Machine:

Did you back up your Mac prior to the upgrade? If so, recover your Mac from it. Always back up your Mac when making major changes (such as installing a update).


  • Contact the Network Administrator:

Talk to the Administrator of your network, to be certain that all is configured correctly on your Mac.


  • Create a New Administrator User:

See if creating a new Administrator user makes this issue go away. If so, it’s something misconfigured in your current user. So, if this ends up being the case, then rid of your current user and use the new user instead. But, create a Time Machine backup, just instead.


  • Rid of Security Software:

Just curious: Any Security Software installed? If so, Firewall settings are getting in the way. So, rid of it. It’s unnecessary on a Mac and it just gets in the way — and this is a pure example of how.

Mar 29, 2020 2:21 PM in response to TheLittles

Thank you for your answer.


This happens at least with three different servers that I'm trying to reach, running different platforms. The only common thing is Catalina 10.15.4. Yes, it probably is a compatibility issue - or rather, a bug in 10.15.4. I'd like to know if other people experience it as well.


Yes, I do have a backup. But I'd rather not downgrade. I'm trying to find a reason and to understand why this happens. As a workaround, using the IP address instead of the server name is workable, but I'd really like to understand why this happens.


I am the network administrator (it's a home network, haven't been able to test elsewhere yet). Will do that when I get my laptop back to test with.


I have created a new admin user on two different machines, and the same issue occurs. I have not (yet) tried to do a clean install to verify that this happens there as well.


I do not have any security software installed on any of the affected machines. Not even Apple's firewall is on because these machines are always on the intranet, without access from external network.

Mar 31, 2020 3:46 PM in response to webdeck3

I'm having this issue but worse.


I can't even connect to github or any of my AWS EC2 instances even on port 22.


ssh: connect to host github.com port 22: Host is down


ssh: connect to host ec2-**-***-***-***.us-east-2.compute.amazonaws.com port 22: Host is down


The only thing that has changed is I updated to `10.15.4`


Nevermind... of course a restart solved it


Apr 2, 2020 8:02 AM in response to Anomuumi

Confirmed the same thing happening for me. Fresh install of Catalina (10.15.4) ssh just hangs when I attempt to hit a non-standard port with hostname.


mini:~ $ ssh -V

OpenSSH_8.1p1, LibreSSL 2.7.3


mini:~ $ ssh -v -p 55022 user@host.domain.com

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to host.domain.com port 55022.


Just hangs from there, eventually times out.

Apr 13, 2020 5:32 PM in response to Anomuumi

I'm facing the same issue on macOS Catalina 10.15.4.


juanhao@MacBook ~ % ssh -vvvv root@server127 -p 5520

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /Users/juanhao/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to server127 port 5520.

Apr 20, 2020 5:23 AM in response to Anomuumi

This "resolved" the problem for me:


Either adjust your ssh command and add the ConnectTimeout parameter, setting it to 5:

ssh someuser@somehost -oConnectTimeout=5 -p somehighportnumber


OR


Edit /etc/ssh/ssh_config

sudo vi /etc/ssh/ssh_config

and remove the "#" in front of ConnectTimeout parameter + set its value to 5

ConnectTimeout 5


Note: after I changed my config file a month or two ago, today probably an update reverted it back to default breaking my ssh connectivity again. After spending too much time searching for what my solution was previously, I decided to share it here so I can find it back again :-)

Catalina 10.15.4 SSH port > 8192 does not work when using server name instead of IP

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.