Immediate Fix
When a git pull hangs over SSH, the first step is to identify if the issue lies with Git or the underlying SSH tunnel. Run the command with verbose logging to see exactly where the connection stalls.
GIT_SSH_COMMAND="ssh -vvv" git pullIf the output stops at “Expecting SSH2_MSG_KEXINIT”, it usually indicates a network MTU (Maximum Transmission Unit) issue or a firewall blocking large packets. If it stops at “Connecting to…”, it is likely a DNS or IP routing problem.
To bypass common hang-ups related to IPv6 or DNS, try forcing IPv4 in your SSH configuration. Open (or create) ~/.ssh/config and add the following:
Host *
AddressFamily inet
ServerAliveInterval 60
ServerAliveCountMax 5| Fix Action | Command / Config |
|---|---|
| Verify SSH Access | ssh -T [email protected] |
| Kill Hung Processes | killall ssh or killall git |
| Restart SSH Agent | eval $(ssh-agent -s) |
Technical Explanation
A “hanging” state occurs when the client and server fail to complete the SSH handshake or when the data stream is interrupted without the socket closing properly.
This is often caused by Packet Fragmentation. In some network environments, routers drop packets that exceed a certain size. Since SSH key exchanges involve large packets, the connection may hang precisely when the encryption keys are being negotiated.
Another common culprit is SSH Agent Timeout. If your local ssh-agent is holding too many keys, the server may stop responding after too many failed authentication attempts. Git doesn’t always report this as an error; it simply waits for a response that never comes.
Finally, TCP Keepalives are crucial. Without them, inactive connections through NAT firewalls or load balancers are often silently dropped. The client thinks the connection is still open, resulting in a permanent hang during the “pull” process.
Alternative Methods
If troubleshooting SSH is taking too long and you need to resume work immediately, you can switch the remote URL from SSH to HTTPS. This uses standard web ports (443) which are less likely to be throttled or blocked.
# Check current remote
git remote -v
# Change to HTTPS
git remote set-url origin https://github.com/USERNAME/REPOSITORY.gitAdjusting MTU Settings
If you suspect the network is dropping large packets, you can manually lower your MTU setting. This is a common fix for developers working over VPNs or specific ISP hardware.
# On macOS/Linux (Check your interface name, e.g., eth0 or en0)
sudo ifconfig eth0 mtu 1400Updating Git and SSH
Ensure your tools are up to date. Older versions of Git and OpenSSH have known bugs regarding credential caching and handshake timeouts. On macOS, use brew upgrade git; on Linux, use your standard package manager.