SSH Broken in Sequoia

Breaking SSH with new OS releases seems to be a habit with Apple. Sequoia is no exception. However, there is a workaround:

Fifteen:~ mnewman$ ssh sellotape
ssh: connect to host sellotape port 22: No route to host
Fifteen:~ mnewman$ ssh sellotape.local
Last login: Wed Oct  2 14:48:53 2024 from fe80::4d5:db02:81d6:74d5%en0
Sellotape:~ mnewman$

Note that the firewall is disabled on both machines and that remote login is enabled on both.

I’m not smart enough to know why this happens. If you know, please post.

Unless you added ‘sellotape’ to your hosts file at some point, I’m not sure that would ever have worked?
The ‘ssh sellotape’ would query DNS for the hostname sellotape which doesn’t exist.
Adding the .local causes macOS to query local devices only.

Yes, sellotape is in the hosts file. SSH to the Macs has been working for years without the need for .local

On 15.1 I have a machine in the host file and it’s working just fine.
Have you double checked your hosts file?

1 Like

Hosts file is fine. Perhaps the problem is fixed in 15.1. I’m not the only one to have had this problem.

SSH broken in Sequoia < Apple Discussions

That is a totally different issue, they cannot create an ssh connection at all.
Your issue is a DNS one, ‘No route to host’ implies it can’t find the machine at all let alone trying to connect to it.

2 Likes

This also looks like a routing issue to me. What happens when you enter the command traceroute Sellotape from the Fifteen computer? If you get “unknown host Sellotape”, then this is definitely broader than SSH. If so, I’d take one more look at /etc/hosts. Perhaps the IP address of Sellotape has changed?

1 Like

Here’s the problem: If you have Private Wi-Fi address enabled, then the Mac ignores the address reservation setting on the router and simply picks an IP, seemingly at random. For example, Sellotape is assigned the IP 192.168.0.76 by the router, but the IP selected by the Mac is 192.168.0.70 which, of course, differs from the hosts file. To get the hosts file to work, you have to turn off Private Wi-Fi address.

Now it works:

Fifteen:~ mnewman$ ssh sellotape
Last login: Thu Oct  3 04:46:06 2024 from 192.168.0.78
Sellotape:~ mnewman$

You can turn off DHCP on the Mac and manually specify an IP address for your machine sellotape. You’d likely want to set the router to assign addresses to a specific range (e.g., 192.168.0.100-192.168.0.250) and then manually set the Mac’s address to something outside that range, like 192.168.0.50.

Or, of course, continue to use DHCP and use sellotape.local, which your machines should be able to find locally.

Or also turn off private WiFi address. Since I never use my Mac on anything other than my own networks, it really doesn’t matter to me.

1 Like

How are you assigning the IP address to the Mac? If it is a “static” DHCP assignment in your router by MAC address, that would explain it BUT, the documentation says that the default is for the private (MAC) address to not rotate; once assigned, it should stay the same.

So I’m thinking, if you turned on Private WiFi Address and accepted the default (Fixed), then you’d just need to update the MAC address used for the DHCP assignment in the router.

But, it looks to me like the Private WiFi Address is per-network, so you could leave it off for your home connection and on for others. The point of a private WiFi address is to prevent its use as a tracking identifier. There’s not that kind of risk when you’re connecting to your own network.

That being said, I’ve always used computer_name.local for SSH.

1 Like

The router assigns a fixed IP address to all the stay-at-home computers on the LAN. I have Private Wi-Fi Address enabled for devices that leave home, such as phones and tablets. I had not enabled Private Wi-Fi Address for the Macs, but apparently when I installed Sequoia it was enabled by default.

Perhaps enabling by default is a good idea, but as demonstrated above, it fooled me for quite some time.

Using a router-assigned IP address has worked for me for a long time, so I think I’ll leave it as is for now.

1 Like

Thanks to those who posted. Without those comments I would have never figured this out on my own.

4 Likes

That makes perfect sense. Static IP address configuration in a router associates IP addresses with MAC addresses. If your Mac is randomizing its MAC address, then it won’t get your static configuration.

You could, however, make your static configuration in the Mac instead of in your router. Change the interface’s IP configuration from “Using DHCP” to “Using DHCP with Manual Address”:

Then pick an address that’s outside of your router’s DHCP range (you should be able to configure a non-DHCP range if there isn’t already one).

If you move your Mac to different locations and need to use full DHCP configuration in other locations, you can create multiple locations in your network settings:

Each location contains a full set of network configurations. My Macs have three locations configured:

  • Automatic. This gets almost everything from DHCP, but has a manual configuration for Google DNS (8.8.8.8 and 8.8.4.4). If you don’t like Google, you could use any other public DNS, like the Cloudflare 1.1.1.1 service.
  • Full Auto. This gets everything from DHCP. I generally only use this if I’m traveling and the site (typically a hotel) blocks external DNS servers.
  • Home. Manual configuration for my home LAN, including a static IPv4 address and DNS pointing at my (Raspberry Pi-hosted) DNS server. (My Raspberry Pi also runs my home DHCP server, and assigns itself as the DNS server).

When you travel, you can use the Apple menu to quickly change locations:


2 Likes
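
The mismatch this thread converges on (a hosts entry pinned to a router reservation, while the Mac presents a private Wi-Fi MAC and is leased a different address) can be checked mechanically. This is an added example, not part of any post above; the function names and both MAC addresses are constructed, and the two IPs are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; sample data is constructed except the two thread IPs.

# 0 if the MAC's locally administered bit (0x02 of the first octet) is set,
# as it is on randomized private addresses; 1 if not; 2 if not hex.
is_private_mac() {
    first_octet=${1%%:*}
    case "$first_octet" in
        [0-9A-Fa-f]|[0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) return 2 ;;
    esac
    [ $(( 0x$first_octet & 0x02 )) -ne 0 ]
}

# Print the IP a hosts-format file maps NAME to (first match, comments
# stripped, case-insensitive).
hosts_ip() {   # hosts_ip NAME HOSTS_FILE
    awk -v want="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) { print $1; exit } }
    ' "$2"
}

# Prints: no-entry | ok | stale-private-mac | stale
diagnose() {   # diagnose NAME ACTUAL_IP CURRENT_MAC HOSTS_FILE
    expected=$(hosts_ip "$1" "$4")
    if [ -z "$expected" ]; then echo "no-entry"
    elif [ "$expected" = "$2" ]; then echo "ok"
    elif is_private_mac "$3"; then echo "stale-private-mac"
    else echo "stale"
    fi
}

SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1     localhost
192.168.0.76  sellotape   # address reserved on the router
EOF

diagnose sellotape 192.168.0.70 a6:5e:60:12:34:56 "$SAMPLE_HOSTS"
diagnose sellotape 192.168.0.76 00:11:22:33:44:55 "$SAMPLE_HOSTS"
```

On the target Mac, the current MAC is the `ether` value in `ifconfig en0` output, assuming `en0` is the Wi-Fi interface as in the login line quoted earlier. A locally administered address is consistent with Private Wi-Fi Address being on, but does not prove it, since such an address can also be set by hand.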

I could do all this, but I’d have to be convinced that it is somehow preferable to what I’m doing now and have been doing for many years. It only broke when Apple enabled Private Wi-Fi Address by default.

I don’t travel with this machine (a big old iMac), so I don’t need to use locations with it.