MacOS Sierra SSH (and other) Issues

Tuesday, October 4, 2016 - 16:23

You know how it is, it's too late in the evening to kick off an OS update - you know it is - but when is the right time...

Your wild-self leans over your shoulder and clicks - upgrade! - noooo.

That 29 minutes remaining message seems to last for hours and you regret the devil that made you start this at this time of night..

For me at least, apart from taking the time to download and install, the upgrade was uneventful; switch off and go to bed.

The next morning I try my laptop (not my main work machine fortunately) and ssh starts complaining.

Here are ~~two~~ some common issues and how to solve them:

Issue #1: SSH Config file error

Symptom: You run ssh as usual but are faced with an error and ssh fails.

/Users/username/.ssh/config: line 2: Bad configuration option: useroaming
/Users/username/.ssh/config terminating, 1 Bad configuration options

This may be due (was in my case at least) to having the following line in your ssh config file:

UseRoaming no

Solution: Comment out the line or delete it as the vulnerability it mitigated is no longer an issue.
see https://www.solved.tips/sshconfig-line-7-bad-configuration-option-useroa...

Issue #2: SSH Passphrase

Symptom: SSH starts asking for your ssh passphrase (if you have one) when it didn’t before (because it got added to the keychain long ago)

Solution: Provide the passphrase ; )
To stop it asking each time add the following lines after the Host * line of ~/.ssh/config

IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes

You can see if the key has been added:

$ssh-add -l

see https://www.reddit.com/r/osx/comments/52zn5r/difficulties_with_sshagent_...

also see https://openradar.appspot.com/28394826

Update: Since the OSX 10.12.2 update you also need to tell SSH to use the Keychain to store the passphrase. Mattias Geniar found the solution for this one via https://twitter.com/aral/status/811305369372946432

IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes
UseKeychain yes

The reason is that the latest updates comes bundled with an updated OpenSSH package package that changes some default behaviour.

Mattias Geniar see: https://ma.ttias.be/mac-osx-keeps-prompting-ssh-key-passphrase-not-use-k...

Issue #3: Re-install Xcode commandline tools

Ok - so I will have to add some more to the list as the days go by - but this is a common one after a MacOS upgrade.

Symptoms: Homebrew, git and some other things will complain

Warning: No developer tools installed.
Install the Command Line Tools:
  xcode-select --install
Warning: Your Xcode is configured with an invalid path.
You should change it to the correct path:
  sudo xcode-select -switch /Developer

Solution: Re-install the XCode commandline tools

xcode-select --install

Issue #4: File permissions have been reset

Symptom: Homebrew complains that the ownership of /usr/local has changed

Warning: /usr/local is not writable.
You should change the ownership and permissions of /usr/local back to your user account.
sudo chown -R $(whoami) /usr/local

Solution: Reset the permissions/ownership to your user

sudo chown -R $(whoami) /usr/local

Issue #5: Local Apache Setup - It (no longer) Works!

Came across this one quite late after upgrading as I typically use Virtual Machines (VM) built with Ansible to do my local development.
Should have remembered this gotcha after doing the Yosemite upgrade from Mavericks.

But if you rely on the built in Apache webs server on MacOS, when you upgrade your MacOS, your local Apache configuration is overwritten.
Copies of the previous configuration files are saved as:
httpd.conf~orig and/or httpd.conf~previous

This will affect any changes you have made to your local configuration. Especially things like vhosts, timeouts, loaded modules etc

Symptom: Your local Apache websites no longer work and display the default It Works! message

Solution:

1) Use Virtual Machines for local development and then you won't be held hostage to changes such as this ;)

2) Compare the backed up versions with the new versions and migrate your customisations.

Don't simply restore them as there are "enhancements" in the new versions that you may wish to benefit from.

Things such as unsetting the proxy header, disabling proxy modules etc all which may not affect your local setup but prompt you to take on board these good practices when configuring your publically accessible servers.
You will also need to update the location of the PHP module to point to the one you want (e.g. a homebrew managed one not the default Apache one).

All things that you can avoid having to remember if you use and Virtual Machines and Ansible based roles for local development (assuming you use ones that do employ these updated/best practices) .

Hope that helps!