ssh fails when using -p flag

Originator: webdeck
Number: rdar://FB7641404
Date Originated: 2020-04-26
Status: Open
Resolved:
Product: macos
Product Version: 10.15.4
Classification:
Reproducible:

/usr/bin/ssh in macOS 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macOS 10.15.3.

For example, assuming hostname is a valid hostname, 1.2.3.4 is its corresponding IP address, and on the target hostname, ssh is running on both the default port 22 and a second port, 8822:

The following work as expected:

ssh hostname
ssh 1.2.3.4
ssh -p 8822 1.2.3.4

However, this will hang forever until interrupted:

ssh -p 8822 hostname

Furthermore, it doesn't matter what port or hostname you use, as long as it isn't a numeric IP address.  For example, all of these will hang as well:

ssh -p 8888 hostname
ssh -p 8822 hostname-that-does-not-exist

In contrast, using an invalid port with a numeric IP address gives the expected error:

ssh -p 8888 1.2.3.4
ssh: connect to host 1.2.3.4 port 8888: Connection refused

And using an invalid hostname without the -p switch also gives the expected error:

ssh hostname-that-does-not-exist
ssh: Could not resolve hostname hostname-that-does-not-exist: nodename nor servname provided, or not known

Using maximum verbosity doesn't give any clues, and max debugging on the sshd target host shows no connection is ever initiated:

ssh -vvv -p 8822 hostname
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to hostname port 8822.

netstat shows no connection attempt being made.

Comments

Confirmed - disabling Automatic Proxy Configuration allows ssh to work properly again. I have updated my Apple bug report with this information - thank you, mfelliott, for identifying that!

Hmm. I can't replicate this on my work Mac.

% ssh -vvv -p 8822 hostname
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to hostname port 8822.
ssh: Could not resolve hostname hostname: nodename nor servname provided, or not known

% sw_vers
ProductName: Mac OS X
ProductVersion: 10.15.4
BuildVersion: 19E266

We do have a DNS proxy in place for work stuff via Umbrella.

On a personal Mac running the same OS I have the same behavior. No errors. I did notice that the DNS lookup that pops in and out of nettop is an IPv6 one.

By joshwisenbaker at April 1, 2020, 4:56 p.m.

In my case, turning off my Automatic Proxy Configuration with PAC file stops this weird behavior. Even running with a completely empty .pac file causes this issue.
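
A check for the condition the comments above identify, as an added example that is not part of the original report or its comments: it reads `scutil --proxy` output and reports whether Automatic Proxy Configuration (PAC) is enabled on the Mac. The function names and the sample output are constructed for illustration; proxy auto-discovery is reported as a separate state, although the page only implicates PAC.

```shell
#!/bin/sh
# Added example: triage for the hang described on this page by checking
# whether a PAC file is configured, using `scutil --proxy` output.

# proxy_value KEY: read `scutil --proxy` output on stdin, print KEY's value.
# Entries look like "  ProxyAutoConfigEnable : 1".
proxy_value() {
    awk -v key="$1" '$1 == key && $2 == ":" { print $3; exit }'
}

# pac_status: read `scutil --proxy` output on stdin, print a one-line verdict.
pac_status() {
    dump=$(cat)
    pac=$(printf '%s\n' "$dump" | proxy_value ProxyAutoConfigEnable)
    url=$(printf '%s\n' "$dump" | proxy_value ProxyAutoConfigURLString)
    wpad=$(printf '%s\n' "$dump" | proxy_value ProxyAutoDiscoveryEnable)
    if [ "$pac" = "1" ]; then
        # The comments report the hang even with an empty .pac file, so the
        # enable flag is what matters; the URL is shown for reference only.
        echo "pac-enabled ${url:-(no URL)}"
    elif [ "$wpad" = "1" ]; then
        # Not implicated by the page; reported so it is not overlooked.
        echo "auto-discovery-enabled"
    else
        echo "no-auto-proxy"
    fi
}

# Constructed sample of `scutil --proxy` output with a PAC file configured.
sample_pac_on() {
    cat <<'EOF'
<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://proxy.example.test/proxy.pac
}
EOF
}

# On a Mac, report the live configuration; elsewhere this is skipped.
if command -v scutil >/dev/null 2>&1; then
    scutil --proxy | pac_status
fi
```

A `pac-enabled` verdict on an affected machine matches the condition the commenters describe; `ssh -p 8822 1.2.3.4` with a numeric address remains the comparison case from the report.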

