(Prelude: All, I had reported a problem with LS and incoming port 22 connections to ObjDev on 10/18. I received a response on 10/22 but unfortunately my originally reported suspicions related to a possible DNS correlation seemed to throw off the tech and the answers were off base. I had since confirmed the problem on a second machine at work and I've been wanting to follow up with support but been really busy. I've had a browser window open to this forum since then and as I was just cleaning up some tabs in Safari I noticed this thread...)
I can't say every problem in this thread is specifically caused by what I discovered. For those that have picked up on a correlation to inbound port 22 connections it does. For others that have Remote Access enabled in the Sharing control panel, it very may well. The problem in many cases manifests itself as a screen saver or black screen you can't exit out of or a desktop session that slowly stops responding, starting with the dock, menu bar and then individual apps. There is no registered kernel panic or process spin dump. Everything just stops responding and your forced to reboot. It occurs the first time the machine receives an inbound ssh connection. Little Snitch may or may not (I've see it do so once, often not) present a connection alert dialog. Either way, your system is already doomed.
Here is the fix:
1) Boot the machine and immediately go to the Little Snitch menu bar icon and select "Stop Network Filter". (If your machine locks up before you can even get that far, your likely getting an inbound ssh connection. If you have Remote Access open to the world, your almost guaranteed to be under a brute force attack attempt at some point every day. I'm not over exaggerating. Anyhow, if this is happening to you try pulling your network cable out of your computer if on ethernet or temporarily disable your wireless router so you can at least boot.)
2) Open "Rules..." from the Little Snitch menu bar icon.
3) Click the "New" (diamond shape with a +) button at the top left.
4) Your creating an "Allow connections" rule (should be default). Pull down "Outgoing" and select "Incoming".
5) Server: Should be default to "Any Server", change to if neccessary.
6) Process: Type in /sbin/launchd <-exactly like that
7) Process Owner: Select "System"
8 ) Port: Type 22 (it will add (ssh)).
9) Protocol: 6 (it will add (TCP)).
10) Make sure "Enabled" is checked.
11) Click Ok.
12) Go to Little Snitch menu bar icon and select "Start Network Filter".
At this point if you can test a remote inbound ssh connection from another machine, you should see there is no more locking up. All is well.
I have to do a little more research but I don't recall launchd being in the mix with sshd under 10.9. I think sshd was started on demand as part of the net stack services. I looked at it a long time ago, I just can't remember the correct terms. If anyone can speak more eloquently to the exact verbiage, please do.
At the end of the day, in case anyone at ObjDev is reading this thread, I think I finally caught the error at the heart of this problem just before one of my previous lock-ups on the second machine. It's not cut and pasted because all I could was jot it on a post-it note before force rebooting:
Kernel [0]: process LittleSnitch DA [54] thread 2173 caught burning CPU! It used more than 50% CPU for over 180 seconds...
Hope this helps others. Send beers not cheers.![:lol:]( "Laughing")
But seriously, if this resolves your issue please let the forum know. Thanks.
p.s. lyssophobe, I don't need a kidney now but if this earns me enough beers I'll reach out to you later.![:wink:]( "Wink")
I can't say every problem in this thread is specifically caused by what I discovered. For those that have picked up on a correlation to inbound port 22 connections it does. For others that have Remote Access enabled in the Sharing control panel, it very may well. The problem in many cases manifests itself as a screen saver or black screen you can't exit out of or a desktop session that slowly stops responding, starting with the dock, menu bar and then individual apps. There is no registered kernel panic or process spin dump. Everything just stops responding and your forced to reboot. It occurs the first time the machine receives an inbound ssh connection. Little Snitch may or may not (I've see it do so once, often not) present a connection alert dialog. Either way, your system is already doomed.
Here is the fix:
1) Boot the machine and immediately go to the Little Snitch menu bar icon and select "Stop Network Filter". (If your machine locks up before you can even get that far, your likely getting an inbound ssh connection. If you have Remote Access open to the world, your almost guaranteed to be under a brute force attack attempt at some point every day. I'm not over exaggerating. Anyhow, if this is happening to you try pulling your network cable out of your computer if on ethernet or temporarily disable your wireless router so you can at least boot.)
2) Open "Rules..." from the Little Snitch menu bar icon.
3) Click the "New" (diamond shape with a +) button at the top left.
4) Your creating an "Allow connections" rule (should be default). Pull down "Outgoing" and select "Incoming".
5) Server: Should be default to "Any Server", change to if neccessary.
6) Process: Type in /sbin/launchd <-exactly like that
7) Process Owner: Select "System"
8 ) Port: Type 22 (it will add (ssh)).
9) Protocol: 6 (it will add (TCP)).
10) Make sure "Enabled" is checked.
11) Click Ok.
12) Go to Little Snitch menu bar icon and select "Start Network Filter".
At this point if you can test a remote inbound ssh connection from another machine, you should see there is no more locking up. All is well.
I have to do a little more research but I don't recall launchd being in the mix with sshd under 10.9. I think sshd was started on demand as part of the net stack services. I looked at it a long time ago, I just can't remember the correct terms. If anyone can speak more eloquently to the exact verbiage, please do.
At the end of the day, in case anyone at ObjDev is reading this thread, I think I finally caught the error at the heart of this problem just before one of my previous lock-ups on the second machine. It's not cut and pasted because all I could was jot it on a post-it note before force rebooting:
Kernel [0]: process LittleSnitch DA [54] thread 2173 caught burning CPU! It used more than 50% CPU for over 180 seconds...
Hope this helps others. Send beers not cheers.
But seriously, if this resolves your issue please let the forum know. Thanks.p.s. lyssophobe, I don't need a kidney now but if this earns me enough beers I'll reach out to you later.
