13

Every SSH connection exits with an abnormal code.

For example

ssh [email protected] true

results in

Feb 11 10:16:47 mac-mini com.apple.xpc.launchd[1]: (com.openssh.sshd.163F2BE0-40C6-4B17-AB4E-5A0A07A524DE): Service instances do not support events yet.
Feb 11 10:16:48 mac-mini.home sshd[35674]: Accepted publickey for corti from ***.***.***.*** port 65030 ssh2
Feb 11 10:16:48 mac-mini.home sshd[35676]: Received disconnect from ***.***.***.***: 11: disconnected by user
Feb 11 10:16:48 mac-mini com.apple.xpc.launchd[1]: (com.openssh.sshd.163F2BE0-40C6-4B17-AB4E-5A0A07A524DE[35674]): Service exited with abnormal code: 255

Why is sshd exiting with a non zero return value (i.e., 225)?

Matteo
  • 8,855
  • 4
    I know this is old, but did you ever figure this out? I'm troubleshooting a nighttime problem with rsync and I've noticed that all of my launchd/sshd sessions on the server end with "abnormal code: 255". – tim.rohrer Aug 21 '16 at 17:20
  • I think I've found the solution. Checkout https://unix.stackexchange.com/questions/461851/solved-start-sshd-on-mac – pkgajulapalli Aug 13 '18 at 01:57

4 Answers4

15

In recent macOS versions, the rotten fruit geniuses have restricted SSH access to admin users only. I was having this 'service exited with abnormal code' issue and I fixed it by Preferences -> Sharing -> Remote Login: On and 'Allow Access to': All Users (or the users/groups you want). You must be an admin to do that (you must be able to unlock the locker icon on the bottom left).

Two hours wasted, damn idiots...

zakmck
  • 386
  • 1
    That's not the problem I describe. The SSH login is working. It's result code of the ssh binary that always return 255. I have no problems with the connection – Matteo Jul 06 '18 at 15:52
  • Exactly, I could connect and pass the password challenge and then the client got 'Server closed connection', while the server was logging 'exited with abnormal code 255'. You might have another problem, but I had the same symptoms and I fixed it the way I said. – zakmck Jul 06 '18 at 16:18
  • 2
    But in my case the connection is successful: it’s only the code that is wrong. – Matteo Jul 06 '18 at 16:19
  • 1
    You mean you can login and start a sesion anyway? I couldn't. – zakmck Jul 06 '18 at 16:20
  • 2
    Yes exactly. It’s only the return code. – Matteo Jul 06 '18 at 16:42
  • 1
    I think its worth noting that this is probably the most common cause of this status code - the connection will open, and then close before the user is given a process. I think this change was wisely done by Apple, ebcause some apps/services install users, and a user who has enabled remote login then has open users with known default passwords on (who is unaware).

    I wouldn't recommend opening to 'all users', but I would recommend allowing specific users and maintaining control over who can and can't access your computer remotely.

     – Jmons Sep 19 '19 at 10:14
  • I've never seen an app that creates regular users. Maybe some open source installers change /etc/passwd or /etc/group, but usually they create service-dedicated users (eg, apache, mysql), which don't have proper login access anyway. – zakmck Sep 24 '19 at 21:55
2

I was running into this issue because of the default "Allow ssh access only to admin" setting, but wanted a command-line only solution.

I changed it by adding the user to the admin (and wheel for good measure) group:

sudo dscl localhost -append /Local/Default/Groups/admin GroupMembership $USER
sudo dscl localhost -append /Local/Default/Groups/wheel GroupMembership $USER
Rian Sanderson
  • 183
  • This seems quite dangerous, or not? wheel can read/write in many places where really only root should be around (e.g., /var/root/). – nisc Sep 18 '21 at 18:54
1

I've seen this on a number of Macs lately. In all instances I've traced it to people knocking on the door, i.e., dialing port 22 and trying to get in. I had to change my external routers to port map 22 to a different port. They haven't found that one yet but I figure I'm only one port scan away from having to do something more drastic.

David Presotto
  • 11
-1

Make sure that your user corti has Remote Login feature enabled in Sharing Preferences.

kikap
  • 111