3

I cannot SSH specific servers like micro/small instances of AWS, DigitalOcean, and so on after upgrading to macOS Ventura & OpenSSH_9.0p1, LibreSSL 3.3.6

client_1 logs

ssh -vvv user@server -p port

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug2: resolve_canonicalize: hostname host is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/user/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to host [host] port port.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
ssh: connect to host host port port: Operation timed out

wireshark

wireshark screenshot for client_1 logs

server logs

tcpdump -n -vv -i any src or dst xxx.xxx.xxx.xxx

Empty
  • client_1 = macOS terminal + OpenSSH client (timeout)
  • client_2 = VirtualBox ubuntu 22.10 + OpenSSH client (works)
  • client_3 = Termius.app (I don't know which OpenSSH they are using, but it works)

client_1 is the OS-host of client_2 and client_3.

Already tried

https://apple.stackexchange.com/a/448728

It may be related

https://stackoverflow.com/questions/74215881/visual-studio-2022-wont-connect-via-ssh-on-macos-after-upgrading-to-ventura
https://developercommunity.visualstudio.com/t/macOS-Ventura-130-Beta---Impossible-to-/10163760#T-N10187152

Giacomo1968
  • 53,069
  • 19
  • 162
  • 212
joji_fx
  • 51
  • 1
  • 6
  • `ssh: connect to host host port port: Operation timed out` looks like a network or firewall problem – Bodo Nov 15 '22 at 09:29
  • Hi @Bodo, why do you think that? Using a different client, I can connect to the server from the same IP as with the default macOS ssh doesn't work. – joji_fx Nov 15 '22 at 10:39
  • I may be wrong, but the error message looks like a connection timeout. Normally you would get a message `debug1: Connection established.` instead of the error message in the last line of output. That's why I assume that packets get lost somewhere. To me it was not clear from your question that you use different clients with the same IP originating IP address. I suggest to [edit] your question, make this more clear and show similar debug output from a different client in a way that we can compare the IP addresses. You could use Wireshark to see more details about the failed connection attempt. – Bodo Nov 15 '22 at 11:43
  • Hi @Bodo, thanks for your answer and your time! Let me edit the original question – joji_fx Nov 15 '22 at 17:19
  • Please don't edit the answer into your question. Write an answer instead. In addition to referring to the other answer, write what exactly you did. The other answer has low quality as it does neither tell which file to modify nor what the change does or why it solves the problem. – Bodo Nov 16 '22 at 08:59
  • 1
    Hi @Bodo! Done :)! There is one thing missing: the explanation of why restarting IPQoS to its default value works. I have no clue tbh, but I can come back and edit the answer if I discover it in the future or if someone else does. Thanks for your guidance. – joji_fx Nov 16 '22 at 09:25
  • Great you solved this! But [please do not edit your question to say “Solved!”](https://superuser.com/posts/1752882/revisions) and stuff like that. What you did by [posting an answer](https://superuser.com/a/1753063/1672070) is 100% exactly what you should have done and you did it! Great! Just always keep questions as questions and answers as answers. – Giacomo1968 Dec 23 '22 at 02:19

2 Answers2

2

Solution that worked for me

https://apple.stackexchange.com/a/279061/478974

Edit the client config file (user: ~/.ssh/config or system: /etc/ssh/ssh_config) and add these lines:

Host *
  IPQoS 0x00

You might want to add this config only for a specific host, and maybe this is a better approach, learn how to do it [here][1].

Also, I am not an SSH expert. You might find some helpful info [here][2] if you want to know more about what the IPQoS option does. [1]: https://www.youtube.com/watch?v=MWqfc_fegVg [2]: https://man7.org/linux/man-pages/man5/ssh_config.5.html

Giacomo1968
  • 53,069
  • 19
  • 162
  • 212
joji_fx
  • 51
  • 1
  • 6
2

Same error in my case. I'm using MAC and err with bitbucket. After upgrading to Ventura on MAC, this is expecting other authentication algorithm than rsa. Previsouly my keys are of rsa. But I removed my rsa publick key from my bitbucket and added new pub key which is generated using ed25519 algo. ssh-keygen -t ed25519 Just after adding this new publick key, it started working for me More info: https://statistics.berkeley.edu/computing/ssh-keys

venkat
  • 121
  • 2