{"id":243,"date":"2018-01-02T12:57:38","date_gmt":"2018-01-02T11:57:38","guid":{"rendered":"http:\/\/www.dolicapax.org\/?p=243"},"modified":"2018-01-02T14:32:13","modified_gmt":"2018-01-02T13:32:13","slug":"workaround-mac-os-x-high-sierra-10-13-2-ssh-tries-to-connect-via-http-proxy","status":"publish","type":"post","link":"https:\/\/www.dolicapax.org\/?p=243","title":{"rendered":"Workaround: Mac OS X High Sierra 10.13.2 &#8211; SSH tries to connect via HTTP proxy"},"content":{"rendered":"<p>With Mac OS X release 10.13.2 Apple introduced a new bug where\u00a0OpenSSH will attempt to use any web proxy configured from a DAC file.<\/p>\n<p>As SSH is not HTTP this will typically not work, resulting in connection timeouts or other connection errors.<\/p>\n<p>You are likely to encounter this problem if you are using a VPN solution such as Cisco AnyConnect with a web proxy in the group policy.<\/p>\n<p>Thankfully, netcat (nc) is not affected by the bug, so until Apple comes with a fix you can work around the issue by telling SSH to use netcat as a proxy channel.<\/p>\n<p>This alias will take care of it:<\/p>\n<style type=\"text\/css\"><!--\np.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 19.0px Menlo; color: #28fe14; background-color: #000000; background-color: rgba(0, 0, 0, 0.9)}\nspan.s1 {font-variant-ligatures: no-common-ligatures}\n--><\/style>\n<pre>alias ssh=\"ssh -o ProxyCommand=\\\"nc %h %p\\\"\"<\/pre>\n<p>Alternatively you can add the option to your ssh config file, for a more permanent effect:<\/p>\n<pre>echo \"ProxyCommand nc %h %p\" &gt;&gt; ~\/.ssh\/config<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With Mac OS X release 10.13.2 Apple introduced a new bug where\u00a0OpenSSH will attempt to use any web proxy configured from a DAC file. As SSH is not HTTP this will typically not work, resulting in connection timeouts or other &hellip; <a href=\"https:\/\/www.dolicapax.org\/?p=243\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[67],"tags":[70,72,68,71,69],"class_list":["post-243","post","type-post","status-publish","format-standard","hentry","category-mac-os-x","tag-mac","tag-nc","tag-openssh","tag-osx","tag-ssh"],"_links":{"self":[{"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/posts\/243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=243"}],"version-history":[{"count":3,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions"}],"predecessor-version":[{"id":245,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions\/245"}],"wp:attachment":[{"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dolicapax.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}