enabling sshd on MacOS X pb1

Ambrosia - el Presidente
Join Date: Sep 2000
Location: Rochester, NY
Apple has apparently seen the light and included sshd all set up and installed (1.x and 2.x) on MacOS X pb1. There's an SSH dir in /System/Library/StartupItems/, complete with the shell script to fire it up.
The only thing missing is that you must add the following to /etc/hostconfig:
    SSHSERVER=-YES-
(Apple's script checks this variable before launching sshd.)
While this may seem obvious to someone with more experience with the way NeXT implements things, it wasn't to me -- hopefully this will save someone a bit of time.
------------------
Andrew Welch / el Presidente / Ambrosia Software, Inc.

eucci
ooo, thanks for pointing that out! I was just discussing this with a co-worker last night. Now all Apple needs to do is get rid of that Telnet button in the File Sharing control panel, and/or put the SSH knob in its place.

Fresh-Faced Recruit
Join Date: Sep 2000
Location: Vienna, VA, USA
I'm just getting started here with SSH. I'm going to read the man pages now, but figured I'd ask anyway.
When I ran the SSH script included, it said
"error: Could not load DSA host key: /etc/ssh_host_dsa_key
Disabling protocol version 2".
Is there an easy way to remedy this?
Thanks...
_ _____________________________ _
Brian Heath

wyzeguy
Change the /System/Library/StartupItems/SSH/SSH file so it looks like this:
    #!/bin/sh
    . /etc/rc.common
    ##
    # Start up secure login server
    ##
    if [ "${SSHSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting Secure Login Server"
        if [ ! -f /etc/ssh_host_dsa_key ]; then
            echo "Generating ssh host key..."
            ssh-keygen -d -b 1024 -f /etc/ssh_host_dsa_key -N "" -C "$(hostname)"
        fi
        sshd
    fi
------------------
Life is what happens to you when you have something else planned. --Mark Roberts

Fresh-Faced Recruit
Join Date: Sep 2000
Location: Crofton, MD, USA
Thanks for the info. I have been messing with enabling ssh on and off all day. I am grateful for people smarter than myself.

Fresh-Faced Recruit
Join Date: Sep 2000
Location: Vienna, VA, USA
Thanks for the help on the MacNN forum. I'm still having a little trouble getting my client terminal (SecureCRT 3.0.3 for Windows NT) to connect, but I'm still working on it. I think the client might be out of date. It has a connection option for SSH2, but when I try to connect, it says "Protocal version mismatch with SSH server. Servers version string was SSH-1.5-OPENSSH_2.1.1". I'm still working on it though.
Thanks again...
_ _____________________________ _
Brian Heath

Lunchbox
I may be completely off here, but doesn't SSH use ident?

nierman
I tried this and got the following error:
Starting Secure Login Server
Generating ssh host key...
Generating DSA parameter and key.
Your identification has been saved in /etc/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh_host_dsa_key.pub.
The key fingerprint is:
f4:83:15:2c:5d:03:e8:79:f7:85:af:4f:50:40:7b:e3 manatee
error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
error: Bad ownership or mode(0600) for '/etc/ssh_host_key'.
error: It is recommended that your private key files are NOT accessible by others.
error: Could not load host key: /etc/ssh_host_key: Undefined error: 0
Disabling protocol version 1
Originally posted by wyzeguy:
Change the /System/Library/StartupItems/SSH/SSH file so it looks like this:
    #!/bin/sh
    . /etc/rc.common
    ##
    # Start up secure login server
    ##
    if [ "${SSHSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting Secure Login Server"
        if [ ! -f /etc/ssh_host_dsa_key ]; then
            echo "Generating ssh host key..."
            ssh-keygen -d -b 1024 -f /etc/ssh_host_dsa_key -N "" -C "$(hostname)"
        fi
        sshd
    fi

Grizzled Veteran
Join Date: Sep 2000
Location: San Francisco
wyzeguy,
Your /System/Library/StartupItems/SSH/SSH file only works if the user has failed by running the first version. A *complete* SSH file would generate both keys and spare users from any error messages in the first place.
Share and enjoy!
--- snip ---
    #!/bin/sh
    . /etc/rc.common
    ##
    # Start up secure login server
    ##
    if [ "${SSHSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting Secure Login Server"
        # Protocol 1 host key
        if [ ! -f /etc/ssh_host_key ]; then
            echo "Generating ssh host key..."
            ssh-keygen -f /etc/ssh_host_key -N "" -C "$(hostname)"
        fi
        # Protocol 2 (DSA) host key
        if [ ! -f /etc/ssh_host_dsa_key ]; then
            echo "Generating ssh host key..."
            ssh-keygen -d -b 1024 -f /etc/ssh_host_dsa_key -N "" -C "$(hostname)"
        fi
        sshd
    fi

wyzeguy
Thanks for the fix. I never received that error but it's probably 'cause I ran it without modification first so the ssh_host_key was already there.
------------------
Life is what happens to you when you have something else planned. --Mark Roberts

Fresh-Faced Recruit
Join Date: Oct 2000
Location: Cologne, Germany
nierman,
Apparently for some reason the key file was generated with too lax permissions.
Try this:
    su -
(Type your root pw when prompted)
    l /etc/ssh_host_dsa_key
This should show you the key file. If it's there, type:
    chmod 0600 /etc/ssh_host_dsa_key
This will change permissions so only root can read the keyfile.
Then type:
    sshd
This should start sshd.
If you did NOT find the keyfile, type:
    ssh-keygen -d -b 1024 -f /etc/ssh_host_dsa_key -N "" -C "<YOUR HOSTNAME HERE>"
(Including all quotes and replacing <YOUR HOSTNAME HERE> with your machine's name.)
After that you should be able to start sshd by typing:
    sshd
Hope this works for you.
Jens
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/L dpu s:- a- C+++ UL P++ L++ E W+++ N+
o K- w-- O M++ V- PS++ PE- Y+ PGP t+ 5- X-
R tv+ b++ DI++ D++ G e+ h+ r++ y+
------END GEEK CODE BLOCK------
[This message has been edited by Baumi (edited 10-02-2000).]
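
Added example, not part of any post in this thread: a POSIX sh check for the condition behind the "UNPROTECTED PRIVATE KEY FILE" error above, applied to both host keys the thread's scripts generate rather than only the DSA key. The function names and the key-directory argument are assumptions; the mode is read by parsing `ls -ld` output so the same code works with BSD and GNU userlands.

```shell
#!/bin/sh
# Added example: audit sshd host private keys for group/other access.
# Usage (as root, key directory is an assumption): audit_host_keys /etc

# Print the six group/other permission characters of a file, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the private key exists and group/other have no access,
# 1 if it is too open, 2 if it is missing.
check_host_key() {
    key=$1
    [ -f "$key" ] || return 2
    [ "$(group_other_bits "$key")" = "------" ] || return 1
    return 0
}

# Check both host keys named in the thread and tighten any that are too
# open. Prints one status line per key and leaves the number of keys it
# had to fix in the global FIXED.
audit_host_keys() {
    keydir=${1:-/etc}
    fixed=0
    for name in ssh_host_key ssh_host_dsa_key; do
        key="$keydir/$name"
        rc=0
        check_host_key "$key" || rc=$?
        case $rc in
            0) echo "ok       $key" ;;
            2) echo "missing  $key (generate it before starting sshd)" ;;
            1) echo "too open $key ($(group_other_bits "$key")), setting 0600"
               chmod 0600 "$key" && fixed=$((fixed + 1)) ;;
        esac
    done
    FIXED=$fixed
}
```

The .pub files are meant to be world-readable and are deliberately not checked.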