Firewall Issues - ssh_dispatch_run_fatal errors during SSH

Turning off "Limit IP address tracking" and disabling "Private Wi-Fi address" has not resolved the issue for me.

• Latest macOS on M1 Ultra Studio

sandinak wrote:

This is one area where I think Microsoft had a better approach by having profiles based on network location that apply different levels of security profile; and other tools could benefit from the approach.

This is a user-to-user support forum for consumer users. Companies typically have all kinds of specialized configurations and software that we don't have and can't support.

MacOS has this profile-per-network location support for a long time. Unfortunately, Apple buried its configuration so deep that ordinary users will need a shovel to find it, I'm kidding, of course - but it is simply not as obvious as before, this is what I meant. :)

Use network locations on Mac - Apple Support

I came on to post a different question, but thought this post was potentially relevant.

I factory reset to Sonoma and upgraded to Sequoia yesterday. Before I started adding anything, I was updating the settings, layouts, folders etc to make sure things are how I like it to be.

For some reason a few folders and items have been added to my shared folder - which I've never seen before. I don't think I've had anything in my shared folder before. (it might've always been there and that I wasn't observant/forgot)

So the new folder/items that have been put there are:

'/Users/Shared/Relocated Items/Configuration/private/etc/ssh.system_default'

Inside the ssh.system_default folder there is:

• crypto.conf symlink
• crypto/
  • apple.conf
  • fips.conf
• ssh_config.d/
  • 100-macos.conf
• sshd_config.d
  • 100-macos.conf
• moduli
• ssh_config
• sshd_config

Again, this could be absolutely fine/normal, but I was coming on here to ask if it was and saw this thread about ssh issues, so decided to message here first to see if maybe this is what's causing an issue for you? Maybe when you upgraded to Sequoia it moved some of your SSH config files to shared because it was conflicting for some reason?

mikeloiterman wrote:

Obviously, that isn't a long term fix, however.

Why not?

Same problem, kind of bad

ssh_dispatch_run_fatal: Connection to 172.16.5.131 port 22: Connection corrupted

Not sure if it's just me, but it seems like the speed of rsync via ssh also slowed down severely after the upgrade, even if I disabled the firewall.

just upgraded to macos 15.0.1 and seems the issue is fixed?

notes

well... i need some more time to test carefully

yep.. i have to admit, slightly better than before

Not sure if this is related to your issue but after updating to 15.0.1 my Yahoo custom page no longer loaded half the time. Only fix was to turn off the firewall.

Hi Mike,

After a dreadful morning with all sorts of weird connection problems, found your post here, and thanks to it I found out the culprit (at least for me).

If you happen to be using a content filter or proxy, disable it (at least temporarily). I was using Microsoft Defender and as soon as I turned it filter off in Network > Filters all issues gone. No need to turn off Firewall.

HTH.

So with respect, security is a layered architecture. The default MacOS firewall, while less than optimal for many reasons and uses; still DOES block by default most inbound connections at a minimum. I too personally use Little Snitch as I want way more security than the default provides; however having this as a base doesn't hurt.

That being said, there's another issue here. Many companies REQUIRE the Firewall to be enabled as part of security profile; or other things are disallowed. So in those cases you're ****** if you do and ****** if you don't ;) I am probably gonna have to revert to a previous backup tonight to get back to functionality.

lolaunderthegate wrote:

For those of you bypassing by disabling the firewall -- that's not a practical solution for enterprise users who either should not or cannot disable firewall.

Just for clarification. I understand if you have some corporate policy that requires the firewall. You probably also have some corporate policy to install antivirus and key loggers. Corporate IT is hilariously incompetent.

But we don't work for your company. We can't fix those policies. All we can fix are your Mac problems.

UPDATE: My SSH connection seems stable with Firewall ON, Limit IP Address Tracking ON, Private WiFi OFF (need it for MAC address pairing for DHCP at home), but Little Snitch OFF (Network-Filters - all disabled). I also contacted Little Snitch creator and was told that the issue **might** be solved by 15.1 (not 15.0.1, unfortunately).

Version 15.0.1 still has the same issue, and it's becoming really frustrating! Sometimes the problem occurs immediately after connecting to the server via SSH. I've also encountered some SSL issues.

I'm surprised Apple allowed this bug to persist in 15.0.1, especially since it was reported before the release of 15.0!

I was seeing this as well, the solution (for me) was that I noticed under network > VPN & Filters Lulu was present under Filters & Proxies even though I had not been using it for years (upgraded to little snitch). Once I removed it from the Filters & Proxies it has been stable ever since.