Hardly – and the issue being ISP-side was once again seemingly also already denied by your own specification of things working from different machines on the same network, so the VPN solution/behaviour makes not much sense in that or the hardware-issue case either.
Is it your own router? Do things work if you physically plug the Manjaro system into one of the ports from which a different system does work? (i.e., as per omano…)
[EDIT] Mmm. Is it an IPv4/IPv6 issue? The VPN connection being over IPv6 rather than 4 and that somehow bypassing the problem?
To eliminate router issues I connected to my neighbours wifi. Still same outcome.
Without VPN (only the first time in the networks something is going on, but no success message):
[andreas@bixente ~]$ ssh -Tv git@bitbucket.org
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [104.192.141.1] port 22.
debug1: Connection established.
debug1: identity file /home/andreas/.ssh/id_rsa type 0
debug1: identity file /home/andreas/.ssh/id_rsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/andreas/.ssh/id_ed25519 type 3
debug1: identity file /home/andreas/.ssh/id_ed25519-cert type -1
debug1: identity file /home/andreas/.ssh/id_ed25519_sk type -1
debug1: identity file /home/andreas/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/andreas/.ssh/id_xmss type -1
debug1: identity file /home/andreas/.ssh/id_xmss-cert type -1
debug1: identity file /home/andreas/.ssh/id_dsa type -1
debug1: identity file /home/andreas/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.1
debug1: Remote protocol version 2.0, remote software version conker_eda5298d7e 3a1d531ccdb6
debug1: compat_banner: no match: conker_eda5298d7e 3a1d531ccdb6
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: load_hostkeys: fopen /home/andreas/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 104.192.141.1 port 22
[andreas@bixente ~]$ ssh -Tv git@bitbucket.org
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [2406:da00:ff00::6b17:d1f5] port 22.
debug1: connect to address 2406:da00:ff00::6b17:d1f5 port 22: Connection timed out
debug1: Connecting to bitbucket.org [2406:da00:ff00::22e9:9f55] port 22.
^C
[andreas@bixente ~]$ ssh -Tv git@github.com
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.121.3] port 22.
debug1: connect to address 140.82.121.3 port 22: Connection timed out
ssh: connect to host github.com port 22: Connection timed out
[andreas@bixente ~]$
With VPN (github works, bitbucket not):
[andreas@bixente ~]$ ssh -Tv git@github.com
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.121.3] port 22.
debug1: Connection established.
debug1: identity file /home/andreas/.ssh/id_rsa type 0
debug1: identity file /home/andreas/.ssh/id_rsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/andreas/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/andreas/.ssh/id_ed25519 type 3
debug1: identity file /home/andreas/.ssh/id_ed25519-cert type -1
debug1: identity file /home/andreas/.ssh/id_ed25519_sk type -1
debug1: identity file /home/andreas/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/andreas/.ssh/id_xmss type -1
debug1: identity file /home/andreas/.ssh/id_xmss-cert type -1
debug1: identity file /home/andreas/.ssh/id_dsa type -1
debug1: identity file /home/andreas/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.1
debug1: Remote protocol version 2.0, remote software version babeld-2aa8e17d
debug1: compat_banner: no match: babeld-2aa8e17d
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/andreas/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen /home/andreas/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/andreas/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/andreas/.ssh/id_rsa RSA SHA256:RVRbcDe320bKOimlWcNicSFH4xtiQwah9ykqOdfgxBQ
debug1: Will attempt key: /home/andreas/.ssh/id_ecdsa
debug1: Will attempt key: /home/andreas/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/andreas/.ssh/id_ed25519 ED25519 SHA256:jic25QZcMMvZPlRz3kTpcJOFW0o5/vsDG7m/MIOL254
debug1: Will attempt key: /home/andreas/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/andreas/.ssh/id_xmss
debug1: Will attempt key: /home/andreas/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/andreas/.ssh/id_rsa RSA SHA256:RVRbcDe320bKOimlWcNicSFH4xtiQwah9ykqOdfgxBQ
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/andreas/.ssh/id_ecdsa
debug1: Trying private key: /home/andreas/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/andreas/.ssh/id_ed25519 ED25519 SHA256:jic25QZcMMvZPlRz3kTpcJOFW0o5/vsDG7m/MIOL254
debug1: Server accepts key: /home/andreas/.ssh/id_ed25519 ED25519 SHA256:jic25QZcMMvZPlRz3kTpcJOFW0o5/vsDG7m/MIOL254
Authenticated to github.com ([140.82.121.3]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/andreas/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/andreas/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/andreas/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi AndreasInfo! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2580, received 2372 bytes, in 0.3 seconds
Bytes per second: sent 7383.1, received 6787.8
debug1: Exit status 1
[andreas@bixente ~]$ ssh -Tv git@bitbucket.org
OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [2406:da00:ff00::22c0:3470] port 22.
debug1: connect to address 2406:da00:ff00::22c0:3470 port 22: Connection timed out
debug1: Connecting to bitbucket.org [2406:da00:ff00::6b17:d1f5] port 22.
^C
@linux-aarhus: updating keys is completely and utterly irrelevant there where we’re not even connecting; also most certainly is when things do work when on VPN.
As misty as this seems to me some google hits are pointing towards an MTU related bug. I noticed this was a MAC. Do you have an especially large MTU set perhaps? For me:
$ ip a
[ ... ]
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
[ ... ]
This would seem to say 1500 would be okay and I doubt you have higher set (that would be “jumbo frames”) but perhaps you can try lowering, f.e.,
sudo ip link set dev enp4s0 mtu 1000
Of course with the in your case proper interface name enp4s0 as displayed by above ip a.
Not giving it high chance but there’s enough google hits concerning this that it still needs checking. The IPv4/IPv6 thing seems to not be it; bitbucket fails with either there.
IF enp1s0f0 is in fact your wireless NIC; can’t quickly check how Arch/Manjaro names wireless interfaces but more usually it would be e.g. wlan0 or some such.
2: enp1s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
[...]
3: wlp2s0b1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
Setting the MTU is a very rare situation. It may surface with old kernels - but may as well be related to old hardware - and a MacBook Pro 2012 is indeed old hardware with a very old - likely - broadcom wifi - which complicate things further.
Two reverse-engineered open-source drivers are built-in to the kernel: b43 and b43legacy. b43 supports most newer Broadcom chipsets, while the b43legacy driver only supports the early BCM4301 and BCM4306 rev.2 chipsets. To avoid erroneous detection of your WiFi cards chipset, blacklist the unused driver.
As some drivers is part of the kernel and some is not - it may be worth exploring what device is actually part of your system and locating the driver to use and the driver to blacklist.
But if that didn’t work to get ssh going then I’ll for now butt out; anything I’d now come up would be mere guesses and would likely just have you at best end up on top of a stack of dead wild geese rather than with working ssh. I believe it was TriMoon who somewhere above suggested testing ssh within your local network to see if that works which seems a good idea to ascertain – but basically no idea.
I have tested via ethernet and it perfectly works ! I may have read something about wifi adapter problems with Linux and Mac so I will investigate further. But that should solve the problem…
@rene I really appreciate your help. Thanks a lot.
FWIW I have concluded this to be some sort of uninteresting bug with the “MacBook Pro 2012” Wi-Fi adapter driver. I.e., the VPN puts a “software adapter on top of the hardware one” and then it all of a sudden works, so it seems that his real “wl” interface just interacts a bit too directly with a buggy driver for such.
! I may have read something about wifi adapter problems with Linux and Mac so I will investigate further. But that should solve the problem…