3

As of 2 days ago, my attempts to scp files from my laptop to servers consistently fail for files larger than ~200 KB with the error "client_loop: send disconnect: Broken pipe" This coincided with an upgrade of my laptop to MacOS 11.3 (from 11 whatever-it-was-before-that).

$ dd if=/dev/urandom of=test.dat count=400 2> /dev/null && ls -l test.dat && scp test.dat $DST
-rw-r--r--  1 xxxx  staff  204800 Apr 28 11:27 test.dat
test.dat                                        0%    0     0.0KB/s   --:-- ETAclient_loop: send disconnect: Broken pipe
lost connection

This is definitely new, as I'm using scp on an almost-daily basis and never had an issue before the update. This behavior is also visible on 2 different server architectures I've used as a destination (NAS and Raspberry Pi - to rule out a coincidental server misconfiguration) as well as using my Linux desktop as a client (no issues as well). What is also weird is that the problem shows for both stock SSH as well as for Homebrew SSH install, which hints of either SSH client configuration issue or a bug in the networking stack. I'm curious if anyone else is observing the same issue. sftp exhibits the same problem.

On the server side, here's what I get in the log:

May  1 23:27:27 myhost sshd[21774]: Bad packet length 116136902.
May  1 23:27:27 myhost sshd[21774]: ssh_dispatch_run_fatal: Connection from user pi XXX.XXX.XXX.XXX port 59948: Connection corrupted

P.S. One [very imperfect] way to work around this issue is to use a sufficiently low bandwidth limit (-l option) but it is not great as it makes transfers glacially slow.

Alexander L. Belikoff
  • 131
  • 1
  • 1
  • 5

5 Answers5

1

Problem solved for SFTP, hopefully this helps in your debugging of SCP.

I just recently updated to 11.3 and had this problem setting up SFTP with a jailed account. In debugging I identified that this error only occurred if I included the ChrootDirectory entry for my jailed account in /etc/ssh/sshd_config. When ChrootDirectory was commented out I did not get this error.

My problem was permissions on the directories above the jailed directory. Once properly set, and ChrootDirectory added back, then jailed user and directory worked as expected with no error.

Info on setting up the permissions properly (even though it references leopard):

https://macresearch.org/restricted-sftp-mac-os-x-leopard/

AJ42
  • 11
  • 2
1

I found that disabling "Firewall -> Connection Blocking" on Norton Internet Security solved my case.

I may use -l option for scp until the issue is fixed, though.

krhitoshi
  • 11
  • 1
0

Try editing your /etc/ssh/sshd_config or ~/.ssh/config files and add/ update;

ClientAliveInterval 300

https://man.openbsd.org/sshd_config.5#ClientAliveInterval

Pobtastic
  • 136
  • 2
  • ClientAliveInterval makes sense on server only. Besides, the error shows up almost instantaneously - much earlier than 5 min. Just to make sure, I've tried it by adding it on the server and indeed there's no effect. – Alexander L. Belikoff Apr 29 '21 at 22:54
0

OK, after trying to eliminate all degrees of freedom, it looks like I've found the culprit: Norton Internet Security. Uninstalling the latter made the problem go away.

Alexander L. Belikoff
  • 131
  • 1
  • 1
  • 5
0

I had the same problem on macOS 11.4 (upgrade from 10.something): client_loop: send disconnect: Broken pipe from scp to the client unless I was using -l 9000 or below. sftp and git and rsync were all affected by similar issues, but I could do ssh without any problem. Eventually, I found out that the problem was with some Cisco AnyConnect Socket Filter components.

This is how I could restore the original functionality:

launchctl unload -w /Library/LaunchAgents/com.cisco.anyconnect.gui.plist

launchctl unload -w /Library/LaunchAgents/com.cisco.anyconnect.notification.plist

Then, removed all Cisco AnyConnect Socket Filter components from the Network Preferences panel, and rebooted. Answering "Don't allow" when Cisco was trying to start the filters upon rebooting.

marcof
  • 1