Mountain Lion and SSH
For the most part upgrading to Mountain Lion has been surprisingly smooth.
However, I did run into a problem with SSH. After upgrading to Mountain Lion I noticed that connecting to servers at work via SSH was no longer working. Instead of connecting I would just get:
Read from socket failed: Connection reset by peer
If you are curious as to what is happening keep reading. If you just want it fixed scroll down to the solution.
Why did it break
The issue appears to be that with the upgrade to Mountain Lion we have upgraded the version of OpenSSH. Googling around I found this page [http://www.held.org.il/blog/2011/05/the-myterious-case-of-broken-ssh-client-connection-reset-by-peer/] which describes a similar situation. It speculates that the list of ciphers being sent with the request is too long and somehow triggering the server to drop the connection. One of the workarounds is to specify the cipher list manually and sure enough that seems to fix my problem.
The solution
The fix is to specify the list of ciphers manually. The question is now which ciphers to use. The Apple documentation for the ssh config file specifies the default as being:
The default is:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
and that worked well for me.
You can specify this manually on the command line each time:
ssh -c "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour" yourserver.com
but that is tedious. The better solution is to set up a local ssh config file that will set this for you automatically. If you don’t already have a config file set up just run the following command:
touch ~/.ssh/config
Then edit the file ~/.ssh/config and add the following:
# Fix connections that broke in mountain lion.
Host *.yourserver.com
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour
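Obviously you will have to change yourserver.com to the host you are connecting to. Note that the pattern *.yourserver.com matches hosts under that domain but not yourserver.com itself. If you want this to apply for all connections use ‘Host *’ and it will match against all connections.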
Save that file and you should be good to go.
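Added example, not part of the original post: later OpenSSH releases removed some of the ciphers in this list (the arcfour, blowfish and CAST ones), so a hard-coded Ciphers line can stop working after a client upgrade. The sketch below filters the list against what the client supports; it assumes a client new enough to have `ssh -Q cipher` (OpenSSH 6.3 or later, newer than the one Mountain Lion shipped), and the function names and sample output are constructed for illustration.

```shell
# Added example: keep only the ciphers from the page's list that the local
# OpenSSH client still supports, then print a config stanza for one host.
PAGE_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour"

# filter_ciphers WANTED HAVE  (hypothetical helper)
#   WANTED is comma-separated; HAVE is one cipher name per line.
#   Prints the entries of WANTED present in HAVE, original order kept.
filter_ciphers() {
    list=$1
    have=$2
    out=""
    old_ifs=$IFS
    IFS=,
    for c in $list; do
        # -x: whole-line match, so "arcfour" does not match "arcfour256"
        if printf '%s\n' "$have" | grep -Fxq -- "$c"; then
            out="${out:+$out,}$c"
        fi
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# config_block HOST_PATTERN CIPHERS: print a ~/.ssh/config stanza.
config_block() {
    [ -n "$2" ] || { echo "no usable ciphers for $1" >&2; return 1; }
    printf 'Host %s\n    Ciphers %s\n' "$1" "$2"
}

# Constructed sample of `ssh -Q cipher` output from a client that has
# dropped the arcfour, blowfish and CAST ciphers.
SAMPLE_SUPPORTED="3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com"

# Use the real client when present, otherwise the constructed sample.
supported=$(ssh -Q cipher 2>/dev/null) || supported=""
[ -n "$supported" ] || supported=$SAMPLE_SUPPORTED
config_block '*.yourserver.com' "$(filter_ciphers "$PAGE_CIPHERS" "$supported")"
```

The printed stanza can be pasted into ~/.ssh/config in place of the fixed list.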