Firewall Issues - ssh_dispatch_run_fatal errors during SSH

Just upgraded to Sequoia and noticed a lot of issues with the firewall while using ssh.


After ssh'ing into a local server on my network, after a few minutes I get this error:


Bad packet length 2489765067.
ssh_dispatch_run_fatal: Connection to 192.168.30.2 port 22: Connection corrupted


I can trigger it by ssh'ing into pretty much any server or computer on my network and then executing a command like:


ping google.com


within 10 - 30 seconds, the connection drops.


Happens with IPv4 and IPv6. Happens with Terminal and iTerm apps.


Disabling the firewall fixes the issue. In this case, my Mac is running statically in my local network and safely behind an upstream firewall. So, it's annoying to have to disable the firewall every time I have to ssh in anywhere, but not the end of the world. Obviously, that isn't a long term fix, however.


Anyone else seeing similar?

Mac Studio

Posted on Sep 17, 2024 6:35 PM

Question marked as Top-ranking reply

Posted on Oct 6, 2024 6:28 PM

Whilst it is true that Apple cannot fix the problem caused by others, this issue should not be ignored. MacOS 15.0.x borks TCP connections. See Little Snitch blog about Sequoia on TCP, Firewall issues https://obdev.at/blog/should-i-upgrade-to-macos-sequoia-now/


Disabling all third-party Network Filters will alleviate the issue temporarily (until, hopefully a fix on 15.1). macOS Firewall set to **block** all incoming connections (with the exception of some internal processes) works for me as well (you can set this to allow all and fine-tune the setting per third-party application).


As for VPN, well, I use Firefox connected to VPN via Windscribe and it works, so far so good. I have yet to run a VPN for all network connections, perhaps I will do this soon to test.


MacOS 15.0 is new, let's give Apple time to fix it -- also hoping that beta testers report this bug. As for us, let's continue filing bug reports, the more, the better, so Apple gets to prioritize it.


For the meantime, if you are from corporate IT, it is your responsibility to evaluate and certify new software before your users are allowed to download and install it. And if a user installs Sequoia, knowing that there is this bug AND if it is mission critical, then get them to revert back to macOS 14. :)


78 replies

Sep 30, 2024 4:10 AM in response to pmne04

I came on to post a different question, but thought this post was potentially relevant.


I factory reset to Sonoma and upgraded to Sequoia yesterday. Before I started adding anything, I was updating the settings, layouts, folders etc to make sure things are how I like it to be.


For some reason a few folders and items have been added to my shared folder - which I've never seen before. I don't think I've had anything in my shared folder before. (it might've always been there and that I wasn't observant/forgot)


So the new folder/items that have been put there are:


'/Users/Shared/Relocated Items/Configuration/private/etc/ssh.system_default'


Inside the ssh.system_default folder there is:


  • crypto.conf symlink
  • crypto/
    • apple.conf
    • fips.conf
  • ssh_config.d/
    • 100-macos.conf
  • sshd_config.d
    • 100-macos.conf
  • moduli
  • ssh_config
  • sshd_config


Again, this could be absolutely fine/normal, but I was coming on here to ask if it was and saw this thread about ssh issues, so decided to message here first to see if maybe this is what's causing an issue for you? Maybe when you upgraded to Sequoia it moved some of your SSH config files to shared because it was conflicting for some reason?




Oct 2, 2024 4:30 PM in response to mikeloiterman

I tried turning off "Limit IP address tracking" and "Private WiFi" with no luck. Tried using IPv6 network - hoping the issue is with the IPv4 stack, but still the same.


I have LittleSnitch but it is set to Silent Allow at the moment, since I am at home.


And no, disabling the Mac firewall is not an option.


I have heard of this issue right after Sequoia dropped.


Both issues on M2 Mac mini and M1 Pro MBP - SSH to Raspberry Pi and several other Linux VPS.


For some strange reasons, I was able to transfer 1+GB of file from the MBP to RPi using Forklift and it worked.

Oct 2, 2024 8:42 PM in response to mikeloiterman

Just upgraded my Apple M1 Pro to Sequoia 15


Using Synergy to be able to share a cluster of monitors with a PC - it now freezes up constantly =(


WIFI at home

Wired at work


Continuously after SSHing to some servers,

debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted
Connection to y.y.y.y closed by remote host.


And when I use RDP, I frequently see this POPUP before it kicks off the remote host,

"Because of error with Data Encryption, connection dropped"


Wish I could just revert Sequoia......


Oct 5, 2024 2:51 PM in response to SamWantsYouToChill

SamWantsYouToChill wrote:

Here are some references:

• Since Sonoma update, multiple times I get… - Apple Community
• https://forums.developer.apple.com/forums/thread/729348

Well, that first link is you. The second link is good because it has lots of great and easy solutions.

It becomes more severe if you have a docking station with ethernet, VPN or a network filter (little snitch or lulu).

Those are all radically different. If you are having a problem with a docking station, it would be best to start your own question about that problem.


There is no such thing as "VPN". There are dozens of 3rd party products that advertise VPN services. They range from legitimate networking tools, to software piracy and file sharing tools, to scams, and even straight-up malware. If you are having a problem with a particular product, state the product so that other people can confirm, deny, or suggest alternatives.


Beyond that, you certainly aren't wrong saying that various 3rd party "privacy" and "security" apps have been a problem for many years. This tech support forum would be a ghost town without such apps.

I know many people who abandoned Mac because of this.

Apple has plenty of users, more than they need or want, probably.

If you want to know whether this issue is happening, while the internet/network is slow, just run a ping on your router. You'll get something like this:

$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=2306.502 ms

Looks fine here:

$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=4.008 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=7.438 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=4.012 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=8.262 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=4.858 ms
64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=6.671 ms


I know you qualified that with "while the internet/network is slow" but what can I do? It's never slow.

I would've built the networking kernel module and debugged it myself, but this seems to be an issue with the Network Extension (since it's related to the OS firewall, filters, etc)... which is not open source! If it were open source, I swear I would happily build it in debug mode and fix it myself... this is how bad this is!

What's "the Network Extension"?

Wtf do we do?!

Don't run any of those firewalls or filters, either from Apple or 3rd party developers. You don't need them.

Oct 6, 2024 6:00 PM in response to sandinak

sandinak wrote:

This is one area where I think Microsoft had a better approach by having profiles based on network location that apply different levels of security profile; and other tools could benefit from the approach.
This is a user-to-user support forum for consumer users. Companies typically have all kinds of specialized configurations and software that we don't have and can't support.


MacOS has had this profile-per-network location support for a long time. Unfortunately, Apple buried its configuration so deep that ordinary users will need a shovel to find it, I'm kidding, of course - but it is simply not as obvious as before, this is what I meant. :)


Use network locations on Mac - Apple Support


Oct 13, 2024 6:31 PM in response to rom.ph

rom.ph wrote:

Whilst it is true that Apple cannot fix the problem caused by others, this issue should not be ignored.

I'm not saying it should be ignored. I'm saying it should be eliminated. Each and every* Sequoia user has the power to eliminate this problem in just a couple of minutes.


*I don't include corporate users. Some of the most utterly tech clueless people I've ever encountered work in corporate Mac IT support. I feel sorry for people stuck in that position. But this is a user-to-user support forum. We don't work for their company and can't fix those problems.

MacOS 15.0.x borks TCP connections.

It doesn't. I've not had the slightest problem. Sequoia is one of the most stable, trouble free macOS updates that I've encountered in many years.

See Little Snitch blog about Sequoia on TCP, Firewall issues https://obdev.at/blog/should-i-upgrade-to-macos-sequoia-now/

I'm a developer, so I've been running Sequoia since June. Why haven't any of these 3rd party developers or corporate IT folks been doing that? They have the same access to beta builds that I do. If there is any problem, they should be warning their users not to upgrade before they do so. In fact, that's always good advice, especially for anyone dealing with these kinds of low-level system modifications. I don't run Sequoia on my production machine where I do most of my development. That's still running Ventura.

Disabling all third-party Network Filters will alleviate the issue temporarily (until, hopefully a fix on 15.1). macOS Firewall set to **block** all incoming connections (with the exception of some internal processes) works for me as well (you can set this to allow all and fine-tune the setting per third-party application).

Just turn off all filters, firewalls, and 3rd party security apps. No one needs them anyway.


That's the problem. This is a user-to-user support forum. Our goal is solving problems, not blamestorming or wringing hands. There's an easy solution, so why not just solve it?

MacOS 15.0 is new, let's give Apple time to fix it

Doesn't matter to me. I don't have any problems. But it sure sounds like people are having lots of problems with it. So why not just click the "fix it" button? It's literally right there.

if a user installs Sequoia, knowing that there is this bug AND if it is mission critical, then get them to revert back to macOS 14. :)

Reverting to an earlier version of the operating system is a serious chore. In some cases, it may not be possible if people don't have a backup from before the upgrade. An even easier solution is to just click the button.

Oct 15, 2024 8:35 AM in response to mikeloiterman

This is especially nasty for me with Adobe Creative Cloud app installs, and homebrew. Also often affects git pushes/pulls/forks, especially when they are called from within another script (such as homebrew).


Adobe indicates this as error 113, with installation error log messages like:


ERROR: Downloaded Size=327680 of segmentID=69 does match Validator Size=2097152


Homebrew installs often fail with a LibreSSL error, but since downloads nicely resume where they left off, will eventually finish after a series of restarts:


~ ▶ brew reinstall microsoft-excel                                                                                    ⁂
==> Downloading https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel
                                                                                                                    0.2%curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0

Error: Download failed on Cask 'microsoft-excel' with message: Download failed: https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel_16.89.24091630_Installer.pkg
~ ▶ brew reinstall microsoft-excel                                                                                    ⁂
==> Downloading https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel
#####################                                                                                              18.9%curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0

Error: Download failed on Cask 'microsoft-excel' with message: Download failed: https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel_16.89.24091630_Installer.pkg
~ ▶ brew reinstall microsoft-excel                                                                                    ⁂
==> Downloading https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel
#####################################                                                                              33.0%curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0

Error: Download failed on Cask 'microsoft-excel' with message: Download failed: https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel_16.89.24091630_Installer.pkg
~ ▶ brew reinstall microsoft-excel                                                                                    ⁂
==> Downloading https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel
#############################################################                                                      54.8%curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0

Error: Download failed on Cask 'microsoft-excel' with message: Download failed: https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel_16.89.24091630_Installer.pkg
~ ▶ brew reinstall microsoft-excel                                                                                    ⁂
==> Downloading https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel
#############################################################################                                      69.0%curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0

Error: Download failed on Cask 'microsoft-excel' with message: Download failed: https://officecdnmac.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/Microsoft_Excel_16.89.24091630_Installer.pkg


This memo from Harvard IT lists other common CLI error messages, but its advice to add SSH to macOS firewall did not work:


I am running Sequoia 15.0.1 (24A348) stable release channel on a 2021 MacBook Pro, M1 Max.


I was hoping the recent release of OpenSSL 4.0.0 might address this, but I don't notice any change after upgrading OpenSSL via homebrew.

Oct 20, 2024 3:04 PM in response to mikeloiterman

Same problem here .... 2 weeks ago I upgraded from 14.7 to 15.01 ... ever since my ssh connections are *very* flaky; they break down anywhere between 15 minutes and 2 hours, with the same error message:


Bad packet length 1345936880.
ssh_dispatch_run_fatal: Connection to 210.7.46.210 port 22: Connection corrupted


Trying the *trick* others mentioned in places (adding a specific cipher) gave me this immediately:


ssh_dispatch_run_fatal: Connection to w.x.y.z port 22: message authentication code incorrect


I also experience issues w/ e.g. vSphere/vCenter ... virtual consoles disconnect spontaneously at random times (independent of the browser session from which they were spawned, the session remains active, just the console disconnects).
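
Added example (not part of any post in this thread): the SSH and curl errors quoted in the posts above are what a client reports when bytes of an encrypted stream arrive altered, and this script groups them so a saved client log can be triaged for that pattern. The category names are made up for the example, the sample lines are constructed from messages quoted in the thread, and the 256 KiB bound is OpenSSH's maximum packet size.

```shell
#!/bin/sh
# Added example: triage client-side errors that point at a corrupted
# encrypted stream (SSH packet length, SSH MAC, TLS record decryption).

# OpenSSH rejects any decrypted packet_length above 256 KiB.
SSH_PACKET_MAX=262144

# classify_line LINE -> prints one (hypothetical) category name
classify_line() {
    case "$1" in
        *"Bad packet length "*)
            # Extract the number that follows the message text.
            len=${1##*"Bad packet length "}
            len=${len%%[!0-9]*}
            if [ -n "$len" ] && [ "$len" -gt "$SSH_PACKET_MAX" ]; then
                # Far above any legal packet: the length field decrypted
                # to garbage, so ciphertext changed before decryption.
                echo ssh-length-garbage
            else
                echo ssh-length-other
            fi ;;
        *"message authentication code incorrect"*) echo ssh-mac-failure ;;
        *"Connection corrupted"*|*"Packet corrupt"*) echo ssh-stream-corrupt ;;
        *"SSL_read"*"bad decrypt"*) echo tls-bad-decrypt ;;
        *) echo other ;;
    esac
}

# triage: read log lines on stdin, print "category=count" for each
# integrity-failure category seen (unrelated lines are dropped).
triage() {
    while IFS= read -r line; do
        classify_line "$line"
    done | grep -v '^other$' | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Constructed sample log, assembled from messages quoted in the thread.
sample_log() {
    cat <<'EOF'
Bad packet length 2489765067.
ssh_dispatch_run_fatal: Connection to 192.168.30.2 port 22: Connection corrupted
debug2: sshpkt_disconnect: sending SSH2_MSG_DISCONNECT: Packet corrupt
ssh_dispatch_run_fatal: Connection to w.x.y.z port 22: message authentication code incorrect
curl: (56) LibreSSL SSL_read: LibreSSL/3.3.6: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt, errno 0
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=4.008 ms
EOF
}

sample_log | triage
```

To check a real session, save the client output with `ssh -v host 2> ssh.log` and run `triage < ssh.log`; hits in several categories across unrelated tools suggest the fault is below the application, in the network path.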



Oct 29, 2024 9:46 AM in response to mikeloiterman

It is possible 15.1 attempted a fix which worked for some but not for others. In lieu of comprehensive changelogs or public bug reports, more anecdata is useful; fighting is not. I plan to upgrade to 15.1 tonight.


This bug continues to affect Homebrew and Adobe Creative Cloud the worst for me on Sequoia 15.0.1 (24A348). It's truly random where and when it hits, but I'd say any download session lasting longer than 2 minutes is unlikely to succeed. At least Homebrew is able to pick up where it left off and eventually finish with a series of retries. Creative Cloud starts from scratch each time, making Adobe app installs or updates nearly impossible.


I've also seen Git pulls/pushes and Safari downloads stall for (I presume) related reasons, but it's rarer.

Oct 30, 2024 5:49 AM in response to mikeloiterman

For those who are still facing connectivity issues (and can prove it with pings, like I showed), turning off the firewall still helps most of the time. I'm hoping that Apple will continue debugging my ticket in Feedback Assistant, but I'm losing hope over time. If you face this issue, please create a ticket in the Feedback Assistant too, and explain that this issue can be a subset of this post.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
