Help me connect SSH passwordlessly
I'm sure I've done everything right on both machines. Can anyone see what I'm doing wrong?
Here's the entire verbose output:
Code:
~ > ssh -2vvv Rachel@Gnarlodious-Tibook.local |
Here's a clue
More information, I said this on my TiBook:
Code:
sudo SystemStarter -v restart SSH
Code:
Unknown service: SSH
Please explain. |
In Preferences > Sharing is Remote Logon checked?
|
Enabling SSH
Yes, Remote Login is enabled. I know how unreliable that prefpane is so I toggled it a bit once but that didn't help.
I found a few interesting files at:
Code:
/etc/ssh_config
This is OS 10.3.7 |
check these hints out from the main Hints pages
http://www.macosxhints.com/article.p...11207004643312
Also, this is the latest hint on the hints site which is related to ssh:
http://www.macosxhints.com/article.p...05021023215253 |
Quote:
The default ssh_config & sshd_config files will allow connections to be made. Do you have the OS X firewall turned on? If so, is port 22 open? Are you connecting between any hardware firewalls? What happens if you type ssh 127.0.0.1 on the machine in question instead of from a remote machine? |
I'm blue in the face
I think I've read every SSH hint on this website until I'm blue in the face. This is about the third week I've been working on this problem.
Yes, port 22 seems to be open on both machines, according to the prefpanel. system.log reports this trying to log into 127.0.0.1 on my TiBook:
Code:
Feb 13 07:40:56 Gnarlodious-TiBook xinetd[268]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Code:
~/.ssh > ssh -2vvv 127.0.0.1 |
Send the result of the following on both machines:
"sudo ipfw show"
"cat /etc/sshd_config" on the machine you are trying to connect to
"cat /etc/ssh_config" on the machine you are using to connect
Also, what files are in ~/.ssh/? |
Results from TiBook
here are the results from one machine, the TiBook:
Code:
~/.ssh > ls -a
Code:
~/.ssh > sudo ipfw show
Code:
~/.ssh > cat /etc/sshd_config
Code:
~/.ssh > cat /etc/ssh_config |
While following your instructions I found these files, which I thought I was saving in my userfolder:
Code:
~/.ssh > ls /private/etc/ssh_host* |
Results from Cube
I'm also seeing the same files on this machine:
Code:
~ > ls /private/etc/ssh_h*
When I try to connect I get this system.log report:
~ > ssh -2vvv 127.0.0.1
Code:
Feb 13 08:32:49 Gnarlodious-Cube xinetd[358]: service ssh, IPV6_ADDRFORM setsockopt() failed: Protocol not available (errno = 42)
Code:
~ > ls ~/.ssh
Code:
~ > ssh -2vvv 127.0.0.1
Code:
~ > sudo ipfw show
Code:
~ > cat /etc/sshd_config
Code:
~ > cat /etc/ssh_config |
Are these files part of the validation procedure?
OK, there was a stray character in the Cube's sshd_config file at:
?# To disable t ....
I removed it and it no longer errors out. Now, saying
Code:
ssh -2vvv 127.0.0.1
~ > ls /private/etc/ssh_h*
-rw------- 1 root wheel 668 13 Feb 07:15 /private/etc/ssh_host_dsa_key
-rw-r--r-- 1 root wheel 590 13 Feb 07:15 /private/etc/ssh_host_dsa_key.pub
-rw------- 1 root wheel 515 13 Feb 07:15 /private/etc/ssh_host_key
-rw-r--r-- 1 root wheel 319 13 Feb 07:15 /private/etc/ssh_host_key.pub
-rw------- 1 root wheel 883 13 Feb 07:15 /private/etc/ssh_host_rsa_key
-rw-r--r-- 1 root wheel 210 13 Feb 07:15 /private/etc/ssh_host_rsa_key.pub
Are these files part of the validation procedure? What is their purpose? |
I will need some more time to look at this, but the one thing I noticed was the id_rsa and id_rsa.pub keys in ~/.ssh. Did you create those? Try deleting or moving everything out of ~/.ssh on both machines and attempt the connection.
As soon as I have a few more minutes I will look through what I had you post and get back again. Anyone else, feel free to jump on this if you have time. |
One problem solved!
YES! Deleting the stray character at line 55 now allows me to login remotely to my Cube. I still need to enter the password, but I'm closer.
I did remove all files from the .ssh folder and I can login both ways WITH a password. system.log reports:
Feb 13 09:12:24 Gnarlodious-Cube xinetd[358]: START: ssh pid=690 from=fe80::203:93ff:fea3:8602
Feb 13 09:13:35 Gnarlodious-Cube sshd[690]: Accepted password for Rachel from fe80::203:93ff:fea3:8602 port 59115 ssh2
When I login remotely the mystery files (/private/etc/ssh_h*) are created, I assume it's part of the process. Where the contents of those files are coming from I don't know. Awaiting further advice... |
the files under /etc are system wide files and belong there.
Now I guess you are trying to set up passwordless ssh logons? If so, I can post my notes on doing this. |
Quote:
Code:
ls -ld /Volumes/Rachel |
My userfolder is a partition
OK, I've tried every imaginable combination of permissions and it still won't work.
My userfolder is a partition, that's why it's in the "Volumes" folder. |
From your laptop type the following:
ssh-keygen -t rsa
Choose the default path (Enter)
Password (Enter)
Password (Enter)
Now look in .ssh and you should see id_rsa and id_rsa.pub.
Now type (where xxx.xxx.xxx.xxx is the IP of the cube and username is your username):
scp ~/.ssh/id_rsa.pub username@xxx.xxx.xxx.xxx:~/.ssh/
Now ssh into the cube and type:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
rm -f ~/.ssh/id_rsa.pub
Exit from the cube and try to reconnect; you should now be connected without being asked for a password. |
Is your user folder on an internal drive or firewire drive?
How did you move your home folder? I thought a few posts above you said you could connect after fixing the line in the config? My above post is how to ssh without a password. |
Could it really be a permissions issue?
I tried that now and it doesn't work. After 45 seconds it asks for a password.
When I said I was able to login SSH, I meant I had never been able to before until I removed the corrupting character from that config file. How it got there I don't know, I didn't know the file existed until then. My userfolder is on a nonejectable disk in the center partition. I set it in NetInfo Manager and it works well. When I tried your advice just now, here is what the Cube's system.log showed:
Code:
Feb 14 10:49:50 Gnarlodious-Cube xinetd[354]: START: ssh pid=3973 from=fe80::203:93ff:fea3:8602
In the last 2 lines I had set the e authorized_keys2 file on the Cube and tried to connect. I don't understand what's wrong. Could it really be a permissions issue? Should I take this problem to the FreeBSD forums? |
problem seems to be "on the other machine"
New information... I am able to login to my router passwordlessly, which is running a thin Linux client. In fact, I can login passwordlessly from both Macs!
So, the big problem seems to be "on the other machine" regardless of which Mac I am connecting from. |
Solved!!!
Well, the previous poster who said the permissions of my userfolder was partially right. Actually the owner of folder /Volumes/Rachel was set to group "nobody" and that's apparently enough to raise the red flag.
It's possible that when I created the partition a few years ago that's the ownership that was given it and it just never changed. Thanks guys, your guidance has been of astronomical value :D |
Glad it is resolved... nice to see you have been up and running 2 years on the same install... Try that on windows and let me know how you make out...LOL
The info I posted on ssh with no password is solid, I have used it for mac to mac, mac to linux, etc.. without fail... If it did not work then you may still have some config issues somewhere. I would suggest when upgrading to Tiger (if you do) that you do a clean install, you will resolve a ton of issues that have been compounding since 10.X.X. |
Roger that!
Yeah, when 10.4 hits the shelves I'm hoping it fixes a number of problems.
After some experimentation it turns out the most liberal permissions SSH allows on your userfolder is 750. Odd that I searched Google for days and didn't find any mention of this limitation. But I think I have a firm grasp of secure logins now :rolleyes: |
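Added example (not from any poster in this thread): a POSIX shell audit of the three paths sshd examines when StrictModes is on, which is the default. Each must be owned by the account or root and must not be writable by group or others, otherwise public-key authentication is skipped and the password prompt appears. The function names and the temporary demo tree are constructed for illustration; the key file name defaults to the authorized_keys2 used earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the paths sshd checks under StrictModes.
# Rule per path: owner is the account or root; no group/other write bit.

# check_path TARGET UID: print findings; return 0 ok, 1 unsafe, 2 missing
check_path() {
    target=$1; want_uid=$2
    info=$(ls -ldn "$target" 2>/dev/null) || { echo "MISSING  $target"; return 2; }
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    rc=0
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    uid $owner owns $target"; rc=1
    fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    if [ "$(printf '%s' "$mode" | cut -c6)" = "w" ] ||
       [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then
        echo "WRITABLE $mode $target"; rc=1
    fi
    return $rc
}

# audit_ssh_perms HOME UID [KEYFILE]: return 0 only if every path passes
audit_ssh_perms() {
    home_dir=$1; acct_uid=$2; keyfile=${3:-authorized_keys2}
    result=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/$keyfile"; do
        check_path "$p" "$acct_uid" || result=1
    done
    return $result
}

# Constructed demo: a throwaway home folder, first group-writable, then 750.
demo() {
    d=$(mktemp -d); mkdir "$d/.ssh"; : > "$d/.ssh/authorized_keys2"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys2"
    chmod 770 "$d"; audit_ssh_perms "$d" "$(id -u)" && loose=0 || loose=$?
    chmod 750 "$d"; audit_ssh_perms "$d" "$(id -u)" && tight=0 || tight=$?
    rm -rf "$d"
    echo "home 770 -> $loose, home 750 -> $tight"
}
demo
```

On a real account, call it as `audit_ssh_perms "$HOME" "$(id -u)"` on the machine being logged into.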
Quote:
cat 'your public key' | ssh username@xxxx "cat >> .ssh/authorized_keys2"
You will be prompted for username's password (since your public key is not yet in). |
Yes, it does work!
Quote:
I thought only scp prompted for a password but I guess ssh does also. |