It’s always tempting to install the latest releases of your preferred software and operating systems. After all, that’s the message we pass to our beloved users: “Patch, patch, and patch again!”. Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good…

Later, I started to do my regular geek tasks and connected to several SSH hosts. After a random amount of time, I noticed the following error for many connections:

ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted

This happened multiple times. I started to google for some users’ feedback and experiences. It seems to be a problem faced by many people. What I’ve read:

It happens randomly
It affects IPv4 / IPv6
Not related to an SSH client (term, iTerm2, same)
People who upgraded to 15.0.1 have less frequent disconnections but the problem is not solved yet
Some recommendations (worked for some users)

Disable the macOS firewall
Turn off “Limit IP address tracking
Disable private rotating MAC
Disable tools like LittleSnitch

There is no “magic recipe” to fix the issue. On my Mac, disabling the address tracking did the job. I’ve now an SSH session open for 2h+.

Many forums are covering this topic. The most complete one I found is on the Apple support forum[1]. In conclusion, if SSH is a critical protocol for you, maybe hold on before upgrading your macOS.

Tip: If you need to SSH to a host, be sure to start your shell in a “screen” (or Byobu, … ) session[2] to not lose your work.

[1] https://discussions.apple.com/thread/255761702?sortBy=rank&page=1
[2] https://ss64.com/bash/screen.html

Xavier Mertens (@xme)
Xameco
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.