Help me connect SSH passwordlessly
 

I'm sure I've done everything right on both machines. Can anyone see what I'm doing wrong?

Here's the entire verbose output:

Here's a clue
 

More information, I said this on my TiBook:

and I got this reply:

Does SSH need to be configured? All my study of the subject leads me to believe it works out of the box. I've never seen anywhere OSX needs to have SSH turned on.

Please explain.

In Preferences > Sharing is Remote Logon checked?

Enabling SSH
 

Yes, Remote Login is enabled. I know how unreliable that prefpane is so I toggled it a bit once but that didn't help.

I found a few interesting files at:
These look like configuration files. Should I be uncommenting some of those lines? I can't find any information how to enable SSH in OSX.

This is OS 10.3.7

check these hints out from the main Hints pages

http://www.macosxhints.com/article.p...11207004643312

also this is the latest hint on the hints site which is related to ssh.
http://www.macosxhints.com/article.p...05021023215253

All you have to do is check Remote Logon in the Sharing Prefs.
The default ssh_config & sshd_config files will allow connections to be made.
Do you have the os x firewall turned on? if so is port 22 open?
Are you connecting between any Hardware firewalls?
What happens if you type ssh 127.0.0.1 on the machine in question instead of from a remote machine?

I'm blue in the face
 

I think I've read every SSH hint on this website until I'm blue in the face. this is about the third week I've been working on this problem.

Yes, port 22 seems to be open on both machines, according to the prefpanel.

system.log reports this trying to log into 127.0.0.1 on my TiBook:

Here's what I get from Terminal trying to log into 127.0.0.1 on my TiBook:

send the result of the following on both machines:
"sudo ipfw show"

"cat /etc/sshd_config" on the machine you are trying to connect to
"cat /etc/ssh_config" on the machine you are using to connect

Also what files are in ~/.ssh/

Results from TiBook
 

here are the results from one machine, the TiBook:

While following your instructions I found these files, which I thought I was saving in my userfolder:
What's with these files? Where are they coming from? Could they cause a conflict?

Results from Cube
 

I'm also seeing the same files on this machine:
I sure don't know where these files are coming from.


When I try to connect I get this system.log report:
~ > ssh -2vvv 127.0.0.1

Are these files part of the validation procedure?
 

OK, there was a stray character in the Cube's sshd_config file at:

?# To disable t ....

I removed it and it no longer errors out.

Now. saying causes the mystery files to be written:

~ > ls /private/etc/ssh_h*
-rw------- 1 root wheel 668 13 Feb 07:15 /private/etc/ssh_host_dsa_key
-rw-r--r-- 1 root wheel 590 13 Feb 07:15 /private/etc/ssh_host_dsa_key.pub
-rw------- 1 root wheel 515 13 Feb 07:15 /private/etc/ssh_host_key
-rw-r--r-- 1 root wheel 319 13 Feb 07:15 /private/etc/ssh_host_key.pub
-rw------- 1 root wheel 883 13 Feb 07:15 /private/etc/ssh_host_rsa_key
-rw-r--r-- 1 root wheel 210 13 Feb 07:15 /private/etc/ssh_host_rsa_key.pub

Are these files part of the validation procedure? What is their purpose?

I will need some more time to look at this, but the one thing i noticed was the id_rsa and id_rsa.pub keys in ~/.ssh did you create those? try deleting or moving everything out of ~/.ssh on both machines and attempt the connection.

As soon as I have a few more minutes I will look through what I had you post and get back again.

Anyone else feel free to jump on this if you have time.

One problem solved!
 

YES! Deleting the stray character at line 55 now allows me to login remotely to my Cube. I still need to enter the password, but I'm closer.

I did remove all files from the .ssh folder and I can login both ways WITH a password.

system.log reports:

Feb 13 09:12:24 Gnarlodious-Cube xinetd[358]: START: ssh pid=690 from=fe80::203:93ff:fea3:8602
Feb 13 09:13:35 Gnarlodious-Cube sshd[690]: Accepted password for Rachel from fe80::203:93ff:fea3:8602 port 59115 ssh2

When I login remotely the mystery files ( /private/etc/ssh_h*) are created , I assume it's part of the process. Where the contents of those files are coming from I don't know.

Awaiting further advice...

the files under /etc are system wide files and belong there.
Now i guess you are trying to setup passwordless ssh logons?

if so I have can post my notes on doing this..

That "bad ownership" seems to be the issue; your homedir is coming from a seperately-mounted volume, correct (perhaps of your own doing, perhaps FileValut)? That "Authentication refused" probably means the permissions to /Volumes/Rachel are too open, what does
say?

My userfolder is a partition
 

OK, I've tried every imaginable combination of permissions and it still won't work.

My userfolder is a partition, that's why it's in the "Volumes" folder.

from your latop type the following:
ssh-keygen -t rsa
choose the default path (Enter)
Password (Enter)
Password (Enter)

now look in .ssh and you should see id_rsa and id_rsa.pub.

now type:
where xxx.xxx.xxx.xxx is the ip of the cube and username is your username
scp ~/.ssh/id_rsa.pub username@xxx.xxx.xxx.xxx:~/.ssh/

Now ssh into the cube and type:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
rm -f ~/.ssh/id_rsa.pub

Exit from the cube and try to reconnect, you should now be connected without being asked for a password.

Is your user folder on an internal drive or firewire drive?

How did you move your home folder?

I thought a few posts above you said you could connect after fixing the line in the config?

My above post is how to ssh without a password.

Could it really be a permissions issue?
 

I tried that now and it doesn't work. After 45 seconds it asks for a password.

When I said I was able to login SSH, I meant I had never been able to before until I removed the corrupting character from that config file. How it got there I don't know, I didn't know the file existed until then.

My userfolder is on a nonejectable disk in the center partition. I set it in NetInfo Manager and it works well.

When I tried your advice just now, here is what the Cube's system.log showed:

Notice that the first 3 lines reflect the login before I set the authorized_keys2 file, and it asks for a password immediately.
In the last 2 lines I had set the e authorized_keys2 file on the Cube and tried to connect.

I don't understand what's wrong. Could it really be a permissions issue? Should I take this problem to the FreeBSD forums?

problem seems to be "on the other machine"
 

New information... I am able to login to my router passwordlessly, which is running a thin Linux client. In fact, I can login passwordlessly from both Macs!

So, the big problem seems to be "on the other machine" regardless of which Mac I am connecting from.

Solved!!!
 

Well, the previous poster who said the permissions of my userfolder was partially right. Actually the owner of folder /Volumes/Rachel was set to group "nobody" and that's apparently enough to raise the red flag.

It's possible that when I created the partition a few years ago that's the ownership that was given it and it just never changed.

Thanks guys, your guidance has been of astronomical value :D

Glad it is resolved... nice to see you have been up and running 2 years on the same install... Try that on windows and let me know how you make out...LOL

The info I posted on ssh with no password is solid, I have used it for mac to mac, mac to linux, etc.. without fail... If it did not work then you may still have some config issues somewhere.

I would suggest when upgrading to Tiger (if you do) that you do a clean install, you will resolve a ton of issues that have been compounding since 10.X.X.

Roger that!
 

Yeah, when 10.4 hits the shelves I'm hoping it fixes a number of problems.

After some experimentation it turns out the most liberal permissions SSH allows on your userfolder is 750. Odd that I searched Google for days and didn't find any mention of this limitation.

But I think I have a firm grasp of secure logins now :rolleyes:

Just an fyi .. You can do this in one step ...

Cat 'your public key' | ssh username@xxxx "cat >> .ssh/authorized_keys2"

You will be prompted for username's password (Since your public key is not yet in)

Yes, it does work!
 

Yes, it works!
I thought only scp prompted for a password but I guess ssh does also.