On Jan 26, 2025, at 7:12 PM, Ryan Carsten Schmidt <ryandes...@macports.org> wrote:
> On Jan 26, 2025, at 14:17, Daniel J. Luke wrote:
>>
>> After thinking that I had somehow broken my home network - it looks like
>> I'm actually stumbling on Sequoia's Local Network blocking.
>>
>> If I ssh into a Mac on my LAN, I can't ssh out using MacPorts openssh to
>> other hosts on the same subnet (dtruss shows connect() failing and ssh
>> reports No route to host) the Apple-provided ssh client /can/ ssh out just
>> fine. I don't get a prompt to allow local network access on my Mac. If I run
>> the ssh client as root, it is able to ssh out. Of course, ssh doesn't appear
>> in the Systems Setting panel for this, so I can't grant it access.
>>
>> Looking over
>> https://developer.apple.com/documentation/technotes/tn3179-understanding-local-network-privacy
>> - it appears that there's an exception for command line tools in Terminal
>> or over SSH. Have any of us looked into this stuff at all? Is there
>> something in Apple's provided sshd that we can mimic or is it using Apple's
>> signature so we're just limited to perhaps opening bug reports with Apple?
>
> On Intel or Apple Silicon? I had some problems like that on Intel (such as
> https://trac.macports.org/ticket/70945 ) which were helped by manually
> codesigning the executable. This shouldn't be a problem on Apple Silicon
> where everything is already codesigned.

Intel, and that's a good idea to try...

I just tried codesigning /opt/local/bin/ssh (and then also /opt/local/sbin/sshd) but it didn't change anything. I've had some of the security stuff take a while to actually work before, though, so I'll also give it a try later (and probably reboot just to check too).

I'll try and get my hands on an arm64 box to test with on my local network too and see if that makes a difference or not.

--
Daniel J. Luke