[legacyb4]

Hoping someone can enlighten me here on this...

I've got SSH working to a "T" between my Mac at home and at work. I've generated the necessary public/private keys, installed them on the respective machines, and written simple shell scripts so I don't have to keep retyping those bloody "ssh -l..." commands.

However, everything seems to work perfect only when a user is logged on the remote machine. If I log out on the remote machine and try to SSH in, I get:

- Permission denied (publickey,keyboard-interactive).

To enable SSH login, I first have to open System Preferences, toggle on/off "Allow Remote Login", then I'm able to get in. (this is done remotely using Timbuktu).

Does this sound right? I though SSH would be allowed regardless if a user is physically logged on the machine at any point in time.

Answers appreciated...

Cheers.

[Arkham_c]

I would be surprised if it required the user to be logged in. That goes against everything that remote shells are about. I am going to test it for you to see. I leave my home machine logged in all the time, so it would never have been an issue for me.

Okay, I tested it. I turned on remote access on my iBook running 10.1.2. I was able to ssh in using OpenSSH on Windows NT. Initially I got the same error you did:

<font face = "courier">Permission denied &gt;publickey,password,keyboard-interactive&gt;.</font>

I realized though it was trying to log me in using the username on my NT system (duh). I added the -l &lt;username&gt; flag and it worked fine. So what I ended up with was:

<font face = "courier">ssh -l dshaw 192.168.1.112</font>

Maybe that's your problem too. If not, try passing the -v flag and see if that helps in debugging the problem.

[legacyb4]

I would have thought the same thing about using SSH on a remote client...

Nope, no go. I can get in fine when the remote machine has a user logged in, but when everyone is logged out, this happens.

Any help appreciated!

Here's the login command:

ssh -l jeffrey -p 22 -i /Users/jeffrey/.ssh/G4-500_dsa [ip address of server] -v

-
Here's the verbose log:
-
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Connecting to [ip address of server] port 22.
debug1: restore_uid
debug1: restore_uid
debug1: Connection established.
debug1: identity file /Users/jeffrey/.ssh/G4-500_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-&gt;client aes128-cbc hmac-md5 none
debug1: kex: client-&gt;server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 1033/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[ip address of server]' is known and matches the RSA host key.
debug1: Found key in /Users/jeffrey/.ssh/known_hosts2:1
debug1: bits set: 1023/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /Users/jeffrey/.ssh/G4-500_dsa
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,keyboard-interactive).
debug1: Calling cleanup 0x16938(0x0)
-

Originally posted by Arkham_c:
<STRONG>I would be surprised if it required the user to be logged in. That goes against everything that remote shells are about. I am going to test it for you to see. I leave my home machine logged in all the time, so it would never have been an issue for me.

Okay, I tested it. I turned on remote access on my iBook running 10.1.2. I was able to ssh in using OpenSSH on Windows NT. Initially I got the same error you did:

&lt;font face = "courier"&gt;Permission denied &gt;publickey,password,keyboard-interactive&gt;.&lt;/font&gt;

I realized though it was trying to log me in using the username on my NT system (duh). I added the -l &lt;username&gt; flag and it worked fine. So what I ended up with was:

&lt;font face = "courier"&gt;ssh -l dshaw 192.168.1.112&lt;/font&gt;

Maybe that's your problem too. If not, try passing the -v flag and see if that helps in debugging the problem.</STRONG>

[legacyb4]

This is what I get if I physically log in on the remote machine and restart "Enable Remote Login" in the System Preferences (even if it's on, the first time around results in failure like above).

-
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Connecting to [ip address of server] port 22.
debug1: restore_uid
debug1: restore_uid
debug1: Connection established.
debug1: identity file /Users/jeffrey/.ssh/G4-500_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-&gt;client aes128-cbc hmac-md5 none
debug1: kex: client-&gt;server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 120/256
debug1: bits set: 1017/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[ip address of server]' is known and matches the RSA host key.
debug1: Found key in /Users/jeffrey/.ssh/known_hosts2:1
debug1: bits set: 1042/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /Users/jeffrey/.ssh/G4-500_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x4baf0 hint 0
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type &lt;unknown&gt;
Enter passphrase for key '/Users/jeffrey/.ssh/G4-500_dsa':

[mmurray]

Hi

Sorry I don't know the answer to your question but I have never had a problem with needing a user logged in. I have often ssh'ed into
a machine that has nobody logged into it (ie it is showing the login
screen). I didn't set up all the public and private keys on various machines though I just did ssh and accepted what keys it offered me.

On a minor note if you don't like

ssh -l fred host.com


you can do

ssh [email protected]


Michael

[johann]

yeah, that's wrong. your ssh seems broken. i'll try to reproduce your errors. you should try to update you SSH as in this article: http://www.stepwise.com/Articles/Wor...-12-17.01.html

i'll post my results on connecting as you say in a bit...

good luck