Welcome to the MacNN Forums.

ssh not working in Leopard
ashishn
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 29, 2009, 02:54 AM
 
I have enabled Remote Login from Preferences but when I try and do ssh [email protected] where 192.168.1.101 is where ssh is enabled, I am not able to get through.

Getting Connection refused error.

and I was never asked for passphrase for the first time.
I observed that all files starting with 'ssh' in /etc directory were owned by my local user and not root except sshd_config. So I changed owner to root and group to wheel. Still not working.

What could be wrong? I had upgraded from Tiger and ssh wasn't working then too so I had tried to do a few things. Could those misadventures be causing the issue?

Can I not reset openssh to default so that it starts working properly?

-Ashish
( Last edited by ashishn; Jun 29, 2009 at 03:02 AM. Reason: More information)
     
jay3ld
Senior User
Join Date: Jul 2004
Status: Offline
Jun 29, 2009, 04:25 PM
 
Most likely your firewall on either your router or Mac is blocking the connection.
Try to ssh to yourself (i.e. "ssh localhost" or "ssh 127.0.0.1") and see if this works. You will need to enable SSH on the machine as well.
You shouldn't make fun of nerds... you'll be working for one some day.
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 12:16 AM
 
Is firewall on by default because I haven't enabled it? In fact I was searching where it has gone

I have opened the port on my router and I have enabled Remote Login from Preferences which means ssh is enabled, right?

A couple questions:
1. Why wasn't I asked for a passphrase when I first tried ssh [email protected]?
2. What is the sshd_config.default file? It has very few parameters where sshd_config has many commented. Which one should be used?
3. hosts.allow has "ALLOW:ALLOWENY". Could this be related to the issue? hosts.deny is blank.
4. How do I reset my ssh configuration to start all over?
5. Is there an online guide for Mac that I can use to configure ssh step by step? Even the "Missing Manual" doesn't say anything more than enabling Remote Login from System Preferences.
6. Lastly, I thought this should work like a breeze. How can it be so difficult???

Really appreciate if someone can help me.
Thanks.
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 01:34 AM
 
It shouldn't be that difficult. I don't know why your ssh is not working, something may be broken with your OS installation.

What version of OS X do you have ?
I'm going out on a limb here, but it could be a permissions issue. Tried to Repair Permissions ?

-t
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 01:42 AM
 
10.5.7.

I will try repairing permission.
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 01:59 AM
 
Many say Repair Permissions is voodoo. It's probably true in 95% of the cases. However, it did fix some really weird issues for me in the past, so it's always worth a shot.

If this doesn't help, I'd suggest you PM Besson3c. He might be able to help. He'll be back from "vacation" in 2 days.

-t
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 04:54 AM
 
ok thanks t.

My aim is to open tunnel to access my home Mac from office. I am behind firewall. I did this successfully long back with Openssh on Windows XP but could never get ssh working on 10.4 also

Anyway I will do Repair Permissions first and respond again.
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
jay3ld
Senior User
Join Date: Jul 2004
Status: Offline
Jun 30, 2009, 10:21 AM
 
If it is not asking for any login details, then you are not making a successful ssh connection to the other machine.
You shouldn't make fun of nerds... you'll be working for one some day.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 10:47 AM
 
Did you try ssh 127.0.0. yet ?

This will tell you if SSH works on your Mac. If this works, then you might have a firewall issue. Maybe your work firewall was updated and doesn't allow port 22 connections anymore.

-t
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Jun 30, 2009, 12:26 PM
 
are you on the same lan as the ssh host?
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 12:33 PM
 
I am not even able to ssh from same machine. Also not able to from my Windows laptop using putty.

ssh [email protected] and ssh [email protected] gives error "ssh_exchange_identification:Connection closed by remote host"

Firewall is disabled but see 'File Sharing (AFP,SMB)' and 'Remote Login (ssh)' in the box where applications can be added.

I can give more information since I am sitting in front of the laptop.
( Last edited by ashishn; Jun 30, 2009 at 12:34 PM. Reason: more information)
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 12:37 PM
 
I also tried to run Repair Permissions but repair finishes in couple of seconds without repairing anything !!!
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 12:49 PM
 
Try ssh -vvv [email protected]

It (-v verbose mode) should give you more information about the error.

I don't think I'm qualified to troubleshoot this, but someone else might recognize something.

-t
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 12:53 PM
 
The output of ssh -vvv command:
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /Users/myuser/.ssh/identity type -1
debug1: identity file /Users/myuser/.ssh/id_rsa type -1
debug1: identity file /Users/myuser/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
MacbookPro, iPhone 4S, iPod Touch, iPad 2
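
Added example (not part of any post in this thread): the two client errors seen so far, "Connection refused" and "ssh_exchange_identification: Connection closed by remote host", correspond to different points of failure, and a small probe can tell them apart before any sshd_config editing. The function name `probe_ssh`, the state labels and the hint texts are choices made for this sketch.

```python
import socket
import sys

# Hints relate each probe result to the symptoms reported in this thread.
HINTS = {
    "refused": "Nothing accepted the TCP connection: no listener on the port "
               "(compare `netstat -anf inet`) or a firewall rejected it.",
    "closed-before-banner": "A listener accepted and then hung up before sending "
               "'SSH-...'; the client shows this as ssh_exchange_identification. "
               "Read the server log for host-key or TCP-wrapper errors.",
    "no-banner": "Connected, but the server stayed silent until the timeout.",
    "banner": "sshd is answering; any remaining failure is in authentication.",
    "not-ssh": "Something other than sshd is answering on this port.",
    "unreachable": "No TCP connection at all (routing, filtering or timeout).",
}


def _find_banner(buf):
    """Return the first complete line starting with 'SSH-', or None."""
    # RFC 4253 allows the server to send other lines before its version string.
    for line in buf.split(b"\n")[:-1]:      # last element is an incomplete line
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None


def probe_ssh(host, port=22, timeout=3.0):
    """Connect once, read the server's version line, return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "unreachable", "connect timed out"
    except OSError as exc:
        return "unreachable", str(exc)

    buf = b""
    with sock:
        try:
            while len(buf) < 4096 and _find_banner(buf) is None:
                chunk = sock.recv(1024)
                if not chunk:               # orderly close by the server
                    break
                buf += chunk
        except socket.timeout:
            if not buf:
                return "no-banner", ""
        except ConnectionResetError:
            pass                            # treated like a close below

    banner = _find_banner(buf)
    if banner:
        return "banner", banner
    if not buf:
        return "closed-before-banner", ""
    return "not-ssh", repr(buf[:40])


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, detail = probe_ssh(target)
    print(state, detail)
    print(HINTS[state])
```
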
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 01:14 PM
 
sshd_config contents. Anything to be corrected here?
========================
Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here! Also,
# remember to set the UsePAM setting to 'no'.
#PasswordAuthentication yes
#PermitEmptyPasswords no

# SACL options
#SACLSupport yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# Also, PAM will deny null passwords by default. If you need to allow
# null passwords, add the " nullok" option to the end of the
# securityserver.so line in /etc/pam.d/sshd.
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 01:15 PM
 
Uhm, I'm going out on a limb here, but maybe your /etc/ssh_config is set up to only allow Public Key Authentication, not a password.

Have a look at your sshd_config:

sudo nano /etc/ssh/sshd_config

It should have a line reading PasswordAuthentication yes

-t
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 01:17 PM
 
Ah, very good, you read my mind.

#PasswordAuthentication yes is commented out.

Remove the #

I'm not sure if you have to restart SSH. If after the change it still doesn't work, try a reboot.

Again, some others here might be more knowledgeable how exactly to tweak the system.

Edit: from what I understand, #PasswordAuthentication yes is by default commented out, because this setting is the default setting. I'm not sure why it wouldn't be working for you.

It definitely seems like something is broken with your SSH config.

-t
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 01:24 PM
 
It was commented. I un-commented it. Also UsePAM set to Yes as per comment description. Stopped Remote Login and restarted.

Still not working.. same error.
( Last edited by ashishn; Jun 30, 2009 at 01:25 PM. Reason: More information)
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jun 30, 2009, 01:27 PM
 
UsePAM should be NO.

At least, according to this, PAM might interfere with Password Authentication.

-t
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jun 30, 2009, 01:37 PM
 
I tried ssh-keygen and following is the log.
=========================
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/myuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/myuser/.ssh/id_rsa.
Your public key has been saved in /Users/myuser/.ssh/id_rsa.pub.
The key fingerprint is:
0f:f6:08:08:49:6b:f5:0e:3d:e6:fc:d2:60:a5:f9:db [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . . |
| . + o |
| = . = . |
| . . B = |
| . X S |
| . B = |
| . = o |
| . o |
| . E |
+-----------------+
Ashishs-Mac:sshtemp myuser$ ssh -vvv [email protected]
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.101 [192.168.1.101] port 22.
debug1: Connection established.
debug1: identity file /Users/myuser/.ssh/identity type -1
debug3: Not a RSA1 key file /Users/myuser/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/myuser/.ssh/id_rsa type 1
debug1: identity file /Users/myuser/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
Ashishs-Mac:sshtemp myuser$
=================
Commented UsePAM Yes, restarted ssh but same error.

I am clueless and need to goto sleep now
Thanks a ton for your help so far. Hopefully someone else may be able to find out real issue.

Thanks again.

Ashish
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jul 1, 2009, 07:02 AM
 
had upgraded from 10.4.11 and ssh wasn't working then too so I had tried to do a few things. Could those misadventures be causing the issue?
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
tonyswu
Fresh-Faced Recruit
Join Date: Jul 2009
Status: Offline
Jul 1, 2009, 12:38 PM
 
I am an intern at a large marketing company. We have a lot of Macs in our company with Leopard installed. We regularly do software push installation via SSH and it has worked nicely for us until we updated our Macs to 10.5.7. We started to notice that some (not all) 10.5.7 machines were locking themselves out of SSH service even though the firewall is NOT on and remote login IS on. Remote login also cannot be turned off either via GUI or command line. The only way we've found to fix the problem "temporarily" is to repair permissions and restart. However the problem does not go away permanently, and comes back sometimes after 1 day and sometimes after weeks. At this point we don't think the problem can be solved without another system update from Apple, but I'd like to see if someone can come up with a solution that's much quicker and does not involve repairing permissions. Thanks.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Jul 1, 2009, 12:39 PM
 
Originally Posted by ashishn View Post
had upgraded from 10.4.11 and ssh wasn't working then too so I had tried to do a few things. Could those misadventures be causing the issue?
Huh. If something left over from the Tiger install is messing up sshd, you could try an Archive and Install.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
tonyswu
Fresh-Faced Recruit
Join Date: Jul 2009
Status: Offline
Jul 1, 2009, 01:19 PM
 
Oh, forgot to mention this. I don't think this problem is related to any configuration file. Cause the ssh port 22 is literally not open. In the system preference remote login is on, but if i go to terminal and type:

netstat -anf inet

port *.22 is not listening for incoming connection.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Jul 1, 2009, 04:46 PM
 
Check the Console when you turn SSH on, to see if any errors get logged there.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
tonyswu
Fresh-Faced Recruit
Join Date: Jul 2009
Status: Offline
Jul 2, 2009, 12:52 PM
 
this is the command i used to try to turn remote login on or off

systemsetup -setremotelogin on/off

when i have the ssh trouble, trying to turn remote login off will result in nothing.
trying to turn it on will result in a message saying remote login is already on.
i checked all the logs in the console application, didn't find anything relevant.
     
tonyswu
Fresh-Faced Recruit
Join Date: Jul 2009
Status: Offline
Jul 2, 2009, 10:40 PM
 
um, not sure if it's relevant to the original poster's problem, but my supervisor and i have narrowed down the problem somewhat. we found that all the Macs that are having ssh problem have had software push-installed via Casper, and we are in the process of finding out whether it's a problem from some of the older printer packages or the software Casper itself (the second possibility being much less likely). i'll keep you guys updated on our progress.
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jul 4, 2009, 02:22 PM
 
After a lot of Googling ssh is working it seems. I however want to make sure that my system doesn't have any security issues. Following are the things I did.

I am no unix guy so all these were blind shots but worked in the end
- Tried SSH Helper but no use.
- SSH helper didn't back up the sshd_config file so I copied the sshd_config.system_default to sshd_config
- got error: Could not load host key: /etc/ssh_host_rsa_key
- Created new dsa and rsa keys (thanks to this post) (I think it was without passphrase which I think is security risk). I used following commands
  • sudo ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
  • sudo ssh-keygen -t rsa1 -f /etc/ssh_host_key -N ''
  • sudo ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -N ''
- got error Connection refused by tcp wrapper
- Added following lines to hosts.allow (sshd : ALL : allow)
- changed port to 443

After editing hosts.allow, ssh started working
But I tried re-generating server keys using a passphrase after which ssh failed with following errors.
=====================
Jul 4 23:37:08 Ashishs-Mac sshd[755]: error: Could not load host key: /etc/ssh_host_rsa_key
Jul 4 23:37:08 Ashishs-Mac sshd[755]: error: Could not load host key: /etc/ssh_host_dsa_key
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: inetd sockets after dupping: 3, 4
Jul 4 23:37:08 Ashishs-Mac sshd[755]: Connection from 192.168.1.101 port 49704
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: Current Session ID is 055C1100 / Session Attributes are 00008000
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: Running in inetd mode in a non-root session... assuming inetd created the session for us.
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: match: OpenSSH_5.1 pat OpenSSH*
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: Enabling compatibility mode for protocol 2.0
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: Local version string SSH-2.0-OpenSSH_5.1
Jul 4 23:37:08 Ashishs-Mac sshd[755]: debug1: do_cleanup
=====================

I re-generated keys using blank passphrase and now ssh is working.

it would be great if someone can tell me what should go in hosts.allow . I want to ssh from office via my router and other machines on my network. I will open the port on router.

Also, is blank passphrase a security issue? How to avoid it.

Thanks to all who have tried to help me.
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jul 4, 2009, 04:39 PM
 
Originally Posted by ashishn View Post
- Added following lines to hosts.allow (sshd : ALL : allow)
- changed port to 443

it would be great if someone can tell me what should go in hosts.allow . I want to ssh from office via my router and other machines on my network. I will open the port on router.
1) In what config file did you add ALL : allow ?

/etc/ssh_config ?
/etc/sshd_config ?
/etc/hosts ?

I can't seem to find any line / file called hosts.allow.

2) Where did you change the port ?

/etc/sshd_config ?
Port 443

From ALL I read on teh intarwebs, it's a terribly bad idea trying to change the port for SSH to something other than 22. If security is your concern, this won't do a lot (key words: security by obscurity). But changing the port might break many other things.

-t
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Jul 4, 2009, 10:16 PM
 
If you've created certificates, disabled pam and user/name logins, your security is solid and changing the port isn't helpful. Changing the port to a reserved port (443, https) is a very bad idea unless you're absolutely sure that no device on the LAN will need it (because you'd set up your router to forward 443 to your ssh host).
     
bruegel
Fresh-Faced Recruit
Join Date: Nov 2001
Location: Salamanca, Spain
Status: Offline
Jul 5, 2009, 05:15 AM
 
A couple of things to make sure of:

Go to System Preferences/Accounts/Youraccount and open Startup Options. Make sure Allow network users to access this computer is ON. Then click Options below this label and make sure All network users is ON, or add yourself to the list.

Then click Show All at the top and make sure Remote Session is on. There are two radio buttons on the right, make sure All users is ON, or click Just these users and add yourself. Once this is done, close System Preferences and Restart. All should be ok. If not, it is either a preferences problem, or an upgrade problem, and we'll take it from there. Good luck!

Cheers,

Pieter
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 5, 2009, 02:02 PM
 
Originally Posted by turtle777 View Post
1) In what config file did you add ALL : allow ?

/etc/ssh_config ?
/etc/sshd_config ?
/etc/hosts ?

I can't seem to find any line / file called hosts.allow.
It doesn't exist by default, but if it is created it is honored. It, coupled with the deny file, simply allows you to control what host names can access stuff.

2) Where did you change the port ?

/etc/sshd_config ?
Port 443

From ALL I read on teh intarwebs, it's a terribly bad idea trying to change the port for SSH to something other than 22. If security is your concern, this won't do a lot (key words: security by obscurity). But changing the port might break many other things.
I've yet to come across something that supported SSH that wouldn't allow you to change the port. Changing the port is simply a CLI connect option (it can also be entered in your ssh config or ~/.ssh/config to save you this typing). Altering the port is actually a common practice, but you are right, it's not for security reasons, but to simply save you from having log files filled with failed login attempts, and to help limit general chattiness with sshd.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 5, 2009, 02:07 PM
 
There is no need for a passwordless SSH key, original poster. As of Leopard ssh-agent will automatically fill in your password for you when challenged and when the keys match. A passwordless SSH key is indeed a security issue, as anybody that could hypothetically get a hold of your keys (stored in your home directory) will not only be able to connect to your machine, but also to other servers that you authenticate to with your public key.

There is no real need for a passwordless SSH key. If you must do this, using forced commands is a good option to limit what sorts of commands can be run remotely via SSH.
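
Added example (not part of any post in this thread): the files regenerated earlier in the thread (/etc/ssh_host_rsa_key and friends) are sshd host keys, which sshd loads unattended and therefore cannot load when they carry a passphrase; they are protected by ownership and mode instead, while the passphrase advice above applies to user identity keys such as ~/.ssh/id_rsa. The sketch checks both properties for PEM and openssh-key-v1 private keys (not the binary protocol-1 format); the function names and the two sample keys are constructed for illustration.

```python
import base64
import os
import stat
import struct
import sys

# Constructed samples: placeholder bodies, not real key material.
SAMPLE_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
OPENSSH_MAGIC = b"openssh-key-v1\0"


def key_is_encrypted(pem_text):
    """Return True if the private key text is passphrase-protected."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):-len("-----")]
    body = lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        # New format: magic, then a length-prefixed cipher name ("none" = clear).
        blob = base64.b64decode("".join(body))
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            raise ValueError("malformed openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8 encrypted container
        return True
    # Legacy PEM (what ssh-keygen wrote in the OpenSSH 5.x era).
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)


def audit_key_file(path, role, owner_uid=0):
    """Check one private key. role is 'host' or 'user'. Returns findings."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the key" % mode)
    if st.st_uid != owner_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    with open(path) as fh:
        encrypted = key_is_encrypted(fh.read())
    if role == "host" and encrypted:
        findings.append("host key has a passphrase; sshd cannot load it")
    if role == "user" and not encrypted:
        findings.append("user key has no passphrase")
    return findings


if __name__ == "__main__":
    # Usage: sudo python3 this_file.py /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key
    for key_path in sys.argv[1:]:
        for finding in audit_key_file(key_path, "host") or ["ok"]:
            print(key_path + ": " + finding)
```
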
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Jul 5, 2009, 02:07 PM
 
Originally Posted by besson3c View Post
It doesn't exist by default, but if it is created it is honored. It, coupled with the deny file, simply allows you to control what host names can access stuff.
Which feeds my suspicion that the OP had fiddled with his SSH config beyond normal.

IMO, the reason that something is broken is because he broke it in the first place.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 5, 2009, 02:15 PM
 
That's one problem with just following the instructions from some guy or girl on the internet without understanding what you are doing. I don't mean to sound preachy cause I remember doing this myself back when I was learning, but I generally recommend at least doing your best understanding what is going on.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Jul 5, 2009, 02:16 PM
 
Original poster, did you have a /etc/hosts.deny file?
     
ashishn  (op)
Forum Regular
Join Date: Oct 2004
Location: Pune, India
Status: Offline
Jul 6, 2009, 05:03 AM
 
Didn't change hosts.allow myself ever before this. It has an entry with imad I think. Can't remember exactly.
Don't have hosts.deny.

Agreed one should not follow any random guide but I was learning.
Last hurdle was connecting using Putty. I kept on getting "server refused our keys". I found one post explaining generating keys on server machine and transfer the keys to windows machine. So some random post does help

ssh is now working.
MacbookPro, iPhone 4S, iPod Touch, iPad 2
     
   