Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ssh not authorizing though password is right

P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
hello,

i'm lost. i can't ssh to my mac anymore, it returns "Permission denied (publickey,password,keyboard-interactive)" although i'm sure i'm entering the right password. i tried to ssh locally too (ssh myusername@localhost), same result.

it used to work and i don't remember fiddling with anything close to that. maybe a system update? running 10.5.8.

thx for any help
 
L

LPZ

macrumors 65816
Jul 11, 2006
1,221
2
prtc said:
hello,

i'm lost. i can't ssh to my mac anymore, it returns "Permission denied (publickey,password,keyboard-interactive)" although i'm sure i'm entering the right password. i tried to ssh locally too (ssh myusername@localhost), same result.

it used to work and i don't remember fiddling with anything close to that. maybe a system update? running 10.5.8.

thx for any help
Click to expand...


Use ssh -vvv to get a lot of possibly helpful debugging info. Post here and maybe someone can help.
 
L

larkost

macrumors 6502a
Oct 13, 2007
534
1
The best troubleshooting step for this is to look in the secure.log on the computer you are trying to get into. That usually states the reason why the login was denied in pretty plain terms.
 
P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
hello,

secure.log says i failed password, but i'm pretty sure it is all right, it's the same i use to login or unlock screen all the time every day (or at least it used to be):

$ tail /private/var/log/secure.log
Aug 26 14:15:38 arya sshd[446]: Failed password for pcoelho from ::1 port 49367 ssh2
Aug 26 14:16:08: --- last message repeated 2 times ---


here goes the output from ssh -vvv:

$ssh -vvv pcoelho@localhost
OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/pcoelho/.ssh/identity type -1
debug3: Not a RSA1 key file /Users/pcoelho/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/pcoelho/.ssh/id_rsa type 1
debug1: identity file /Users/pcoelho/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 493/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/pcoelho/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pcoelho/.ssh/known_hosts:3
debug2: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pcoelho/.ssh/identity (0x0)
debug2: key: /Users/pcoelho/.ssh/id_rsa (0x107ef0)
debug2: key: /Users/pcoelho/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/pcoelho/.ssh/identity
debug3: no such identity: /Users/pcoelho/.ssh/identity
debug1: Offering public key: /Users/pcoelho/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/pcoelho/.ssh/id_dsa
debug3: no such identity: /Users/pcoelho/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
 
L

LPZ

macrumors 65816
Jul 11, 2006
1,221
2
Is the user name exactly right? The password? No capitalization issues? Caps lock is off? No strange keyboard encodings?

Not sure what else to suggest, except to change your passwords and then try ssh again with the new passwords.
 
tag

tag

macrumors 6502a
Apr 29, 2005
918
9
prtc said:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Click to expand...

Comparing the above to my ssh setup, it seems you are sending a speciific type of password packet, not a normal login password which would be signified as a keyboard-interactive password on the top line of the above quoted segment.

Looking higher up in your -vvv segment, it shows the following...

prtc said:
debug1: identity file /Users/pcoelho/.ssh/identity type -1
debug3: Not a RSA1 key file /Users/pcoelho/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
--CUT---
debug3: key_read: missing keytype
Click to expand...

From the above I'm thinking maybe the ssh login is trying to use the above key with its matching password, not your system login password. If I were you I'd get rid of or better yet temporarily remove your identity and id_rsa files and see if you can login properly then.
 
P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
i tried:

- changing my password
- deleting everything inside ~/.ssh
- adding a new user with a stupid password and try to ssh with this user to localhost.

everything failed.

if it is the same result independently of the user, may i guess it has something to to with system-wide settings? i post them below.

/etc/ssh_config:

Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
# HostbasedAuthentication no
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes

and /etc/sshd_config

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here! Also,
# remember to set the UsePAM setting to 'no'.
PasswordAuthentication yes
PermitEmptyPasswords no

# SACL options
#SACLSupport yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# Also, PAM will deny null passwords by default. If you need to allow
# null passwords, add the " nullok" option to the end of the
# securityserver.so line in /etc/pam.d/sshd.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
 
L

LPZ

macrumors 65816
Jul 11, 2006
1,221
2
prtc said:
i tried:

- changing my password
- deleting everything inside ~/.ssh
- adding a new user with a stupid password and try to ssh with this user to localhost.

everything failed.

if it is the same result independently of the user, may i guess it has something to to with system-wide settings? i post them below.
Click to expand...

Just to be clear, you were also unable to ssh into a machine other than localhost?

To simplify testing, you could save a backup copy of your current ssh_config file and then try this modified one, which disables all authentication methods other than password. Try ssh -vvv with this new ssh_config in place:

/etc/ssh_config:

Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication yes
# HostbasedAuthentication no
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes


By the way, you might want to disable RootLogin in sshd_config, as a security measure.
 
P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
LPZ said:
Just to be clear, you were also unable to ssh into a machine other than localhost?
Click to expand...

I do can ssh from my mac into my linux box.
I can't ssh from my linux box into my mac, i get the same problem when i try ssh localhost on the mac.

LPZ said:
To simplify testing, you could save a backup copy of your current ssh_config file and then try this modified one, which disables all authentication methods other than password. Try ssh -vvv with this new ssh_config in place:
Click to expand...

here it goes:

: ssh -vvv pcoelho@localhost
OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/pcoelho/.ssh/identity type -1
debug1: identity file /Users/pcoelho/.ssh/id_rsa type -1
debug1: identity file /Users/pcoelho/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 133/256
debug2: bits set: 503/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/pcoelho/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pcoelho/.ssh/known_hosts:1
debug2: bits set: 518/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pcoelho/.ssh/identity (0x0)
debug2: key: /Users/pcoelho/.ssh/id_rsa (0x0)
debug2: key: /Users/pcoelho/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/pcoelho/.ssh/identity
debug3: no such identity: /Users/pcoelho/.ssh/identity
debug1: Trying private key: /Users/pcoelho/.ssh/id_rsa
debug3: no such identity: /Users/pcoelho/.ssh/id_rsa
debug1: Trying private key: /Users/pcoelho/.ssh/id_dsa
debug3: no such identity: /Users/pcoelho/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
pcoelho@localhost's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).


LPZ said:
By the way, you might want to disable RootLogin in sshd_config, as a security measure.
Click to expand...

I did, thanks.
 
L

LPZ

macrumors 65816
Jul 11, 2006
1,221
2
prtc said:
I do can ssh from my mac into my linux box.
I can't ssh from my linux box into my mac, i get the same problem when i try ssh localhost on the mac.
Click to expand...

Oh. Then we probably should be focusing on that sshd_config on the mac. Let me take another look. Maybe someone else can spot something too.

By the way, did you keep a backup copy of the original sshd_config file, before you edited? If so, you can swap it back into place and test again.

[EDIT] I guess it would make sense to disable all authentication options except password in that sshd_config file. Then reboot and try ssh -vvv to localhost again.
 
P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
LPZ said:
Oh. Then we probably should be focusing on that sshd_config on the mac. Let me take another look. Maybe someone else can spot something too.

By the way, did you keep a backup copy of the original sshd_config file, before you edited? If so, you can swap it back into place and test again.

[EDIT] I guess it would make sense to disable all authentication options except password in that sshd_config file. Then reboot and try ssh -vvv to localhost again.
Click to expand...

actually, is rebooting the only way to restart ssh daemon? i've been disabling and enabling remote login in system preferences to "restart" sshd. maybe i'm not really testing what i edited in the config files after all...
 
G

Guiyon

macrumors 6502a
Mar 19, 2008
771
4
Cambridge, MA
I'd try removing the 'UsePAM no' line. IIRC, UsePAM defaults to yes on Mac OS X and that could be the reason why you can't login (no userdb/passdb backend!).
 
L

LPZ

macrumors 65816
Jul 11, 2006
1,221
2
prtc said:
actually, is rebooting the only way to restart ssh daemon? i've been disabling and enabling remote login in system preferences to "restart" sshd. maybe i'm not really testing what i edited in the config files after all...
Click to expand...

That should also work to stop/start sshd.

Guiyon said:
I'd try removing the 'UsePAM no' line. IIRC, UsePAM defaults to yes on Mac OS X and that could be the reason why you can't login (no userdb/passdb backend!).
Click to expand...

You recall correctly. Thanks.
 
P

prtc

macrumors newbie
Original poster
Jan 26, 2009
7
0
Guiyon said:
I'd try removing the 'UsePAM no' line. IIRC, UsePAM defaults to yes on Mac OS X and that could be the reason why you can't login (no userdb/passdb backend!).
Click to expand...

it worked! many thx!!

no idea why that line ended up there, or actually, what the heck userdb/passdb backend means, but that's less important... :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom