Zen and the art of SSH

[The Antiphonist]

I have a few SSH questions for you hinters. First, I'll set the scenario: Machine A has "Allow Remote Login" checked. Machine B has Terminal open. If I go to log into Machine A from machine B with SSH, I routinely get the "access denied" when typing in the password until I go to Machine A, uncheck "Allow Remote Login," then re-check it. This works okay for me since I have both machines at my desk, but in the real world this would get annoying real quick. So what's going on? Do you have to re-check that box every time you log in locally to allow remote access?

OK, here's a few more simple questions. Don't laugh at my ignorance.

- can one use SSH to move files to a remote machine from the machine you're on, kinda like FTP without all that FTP fussing about? Just curious.

- If Bob is logged into Machine A, can Paul SSH to that machine, or does Paul have to be logged in to Machine A to allow himself to log in remotely? Did that even make sense?

Thanks!

---

[Novajo]

Take a look at /var/log/system.log to see the exact reason why your connection is denied. Look for items starting with sshd (grep sshd /var/log/system.log would do it). Then come back here with the info.

1) To copy files, you can use the following Secure copy mechanism:

scp srcfile username@remotemachine:[destinationdir]

For instance, to copy test.txt to machine.mydomain.com in novajo's home directory, you would do:

scp test.txt novajo@machine.mydomain.com:

(the : are important)

it can also work the other way around:

scp novajo@machine.mydomain.com:test.txt .

(the . is important)

It's the same syntax as cp.

2) You don't have to be logged in already to ssh to a machine. Anything related to being logged in or not does not affect SSH.

[The Antiphonist]

Navajo,

There wasn't anything beginning with sshd in the system.log. When I have system.log open, and I try to ssh into the other machine, after I do the ssh command and BEFORE the prompt for a user password comes up, system.log records:

localhost lookupd[315]: _lookup_all(query) failed

And after I type in the password, the Terminal returns:

Permission denied, please try again.

After going to the machine I want to log into and unchecking and checking Allow Remote Login, I don't get any error at all, it works just fine. This seems to only happen when I've logged out and back in on the machine I want to ssh to. Very strange.

Thanks for the info on my other questions, much appreciated!

---

[The Antiphonist]

Oops, I was looking at the system.log on the machine that I was trying to ssh FROM rather than TO. Silly me. Here is the relevant system.log info from the Admin account on the machine that is acting up.

------------------------------------------------------------------------------
Here is where I tried to ssh in with a regular user account:
------------------------------------------------------------------------------
Feb 13 15:48:08 localhost sshd[27674]: input_userauth_request: illegal user guest
Feb 13 15:48:08 localhost sshd[27674]: Failed none for illegal user guest from 10.7.18.79 port 49171 ssh2
Feb 13 15:48:09 localhost sshd[27674]: Failed password for illegal user guest from 10.7.18.79 port 49171 ssh2
Feb 13 15:48:13 localhost sshd[27674]: Failed keyboard-interactive for illegal user guest from 10.7.18.79 port 49171 ssh2
Feb 13 15:48:13 localhost sshd[27674]: Connection closed by 10.7.18.79
------------------------------------------------------------------------------
Here is when I tried to ssh in with the Admin user account:
------------------------------------------------------------------------------
Feb 13 15:52:57 localhost sshd[27789]: input_userauth_request: illegal user maryk
Feb 13 15:52:57 localhost sshd[27789]: Failed none for illegal user maryk from 10.7.18.79 port 49172 ssh2
Feb 13 15:53:01 localhost sshd[27789]: Failed password for illegal user maryk from 10.7.18.79 port 49172 ssh2
Feb 13 15:54:01 localhost sshd[22975]: Received signal 15; terminating.
Feb 13 15:54:23 localhost sshd[27832]: Server listening on 0.0.0.0 port 22.
------------------------------------------------------------------------------
This is directly after unchecking and checking Allow Remote Login on the machine I want to log into:
------------------------------------------------------------------------------
Feb 13 15:55:02 localhost sshd[27847]: Accepted password for maryk from 10.7.18.79 port 49173 ssh2
Feb 13 15:55:02 localhost sshd[27848]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Feb 13 15:55:02 localhost sshd[27848]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Feb 13 15:55:07 localhost sshd[27848]: Could not reverse map address 10.7.18.79.
Feb 13 15:55:07 localhost sshd[27848]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Feb 13 15:55:07 localhost sshd[27848]: lastlog_openseek: /var/log/lastlog is not a file or directory!
------------------------------------------------------------------------------
And finally, ssh with the regular user account works too:
------------------------------------------------------------------------------
Feb 13 16:03:51 localhost sshd[28061]: Accepted password for guest from 10.7.18.79 port 49174 ssh2
Feb 13 16:03:51 localhost sshd[28066]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Feb 13 16:03:51 localhost sshd[28066]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Feb 13 16:03:55 localhost sshd[28066]: Could not reverse map address 10.7.18.79.
Feb 13 16:03:55 localhost sshd[28066]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Feb 13 16:03:55 localhost sshd[28066]: lastlog_openseek: /var/log/lastlog is not a file or directory!
------------------------------------------------------------------------------

[mervTormel]

well, this might help that pesky lastlog error:

sudo touch /var/log/lastlog
sudo chmod 644 /var/log/lastlog

finger uses this file to query user logins