macOS Sequoia: System/Network Admins, Hold On!, (Mon, Oct 7th)
2024-10-7 23:58:48 Author: isc.sans.edu(查看原文) 阅读量:4 收藏

It's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good...

Later, I started to do my regular geek tasks and connected to several SSH hosts. After a random amount of time, I noticed the following error for many connections:

ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted

This happened multiple times. I started to google for some users' feedback and experiences. It seems to be a problem faced by many people. What I've read:

  • It happens randomly
  • It affects IPv4 / IPv6
  • Not related to an SSH client (term, iTerm2, same)
  • People who upgraded to 15.0.1 have less frequent disconnections but the problem is not solved yet
  • Some recommendations (worked for some users)
    • Disable the macOS firewall
    • Turn off "Limit IP address tracking
    • Disable private rotating MAC
    • Disable tools like LittleSnitch

There is no "magic recipe" to fix the issue. On my Mac, disabling the address tracking did the job. I've now an SSH session open for 2h+.

Many forums are covering this topic. The most complete one I found is on the Apple support forum[1]. In conclusion, if SSH is a critical protocol for you, maybe hold on before upgrading your macOS.

Tip: If you need to SSH to a host, be sure to start your shell in a "screen" (or Byobu, ... ) session[2] to not lose your work.

[1] https://discussions.apple.com/thread/255761702?sortBy=rank&page=1
[2] https://ss64.com/bash/screen.html

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key


文章来源: https://isc.sans.edu/diary/rss/31330
如有侵权请联系:admin#unsafe.sh