Snow Leopard keeps remembering my SSH Key's Password

Discussion in 'Mac Basics and Help' started by paleck, Aug 30, 2009.

  1. paleck macrumors 6502a

    paleck

    Joined:
    Apr 11, 2005
    Location:
    with the Tequila!
    #1
    I specifically am making sure that Snow Leopard is not allowed to remember the SSH password in my keychain, but for some reason now when I log in with my ssh key it IS NOT asking for my password now. Any thoughts?
     
  2. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #2
    Delete ~/.ssh/authorized_keys on the server and ~/.ssh/id_dsa.pub on the client if they're present.

    Details.
     
  3. paleck thread starter macrumors 6502a

    paleck

    Joined:
    Apr 11, 2005
    Location:
    with the Tequila!
    #3
    This server will only allow key based authentication so I can't remove the key. Snow Leopard should be asking for my password every time I use the key.
     
  4. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #4
    There I can't help you. I thought it was a choice between key OR password authentication. Just a shot in the dark, what about changing the permissions on ~/.ssh/id_dsa.pub to 000 and then using sudo ssh?
     
  5. paleck thread starter macrumors 6502a

    paleck

    Joined:
    Apr 11, 2005
    Location:
    with the Tequila!
    #5
    You can protect your key with a password that CAN be stored in the keychain. I blocked SL from doing that and verified it is not showing in Keychain Access. Setting it to 000 would keep it from using it, but I'm thinking this is some kind of a bug with SL's implementation of ssh. In Leopard/Tiger ssh would correctly ask for my password every time I connected to a server that used my key.
     
  6. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #6
    Interesting. If it's a bug you may just have to wait for 10.6.1. ssh should be able to access a file with 000 permissions when run as root, though.

    Sorry I couldn't be more help.
     
  7. paleck thread starter macrumors 6502a

    paleck

    Joined:
    Apr 11, 2005
    Location:
    with the Tequila!
    #7
    Right, I was referring to running ssh as my normal user. A chmod of 000 should block my user from being able to use the key file.
     
  8. BlueRevolution macrumors 603

    BlueRevolution

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #8
    Of course. That's just the only workaround I can think of that would require you to enter your password prior to connecting.
     
  9. rfincher macrumors newbie

    Joined:
    Oct 14, 2009
    #9
    Me too

    Yes, I have the same problem. I tried copying the "Terminal.app" program across from a 10.5.8 Mac, and although this functioned OK (despite being the wrong OS version), it also cached the password.

    So this would appear to be the OS not the Terminal program. However, I can't find anything in the KeyChain which would explain this behaviour. I'm not sure if caching is the right word, because it still does it even after a reboot.

    Re other messages in this thread, I too am logging into a server which NEEDS an SSH rsa key authentication (SSH password not accepted). I find this odd because I believe Apple uses fairly standard OpenSSL/SSH software, so they must have set the default config options differently.
     
  10. rfincher macrumors newbie

    Joined:
    Oct 14, 2009
    #10
    Further information about Snow Leopard caching SSH Private Key Passwords

    Some progress on this.

    It is /usr/bin/ssh-agent which is the problem. If you log in using an RSA Private Key which is protected with a key unlock password, this program is now caching it for you.

    This program was introduced as a default running program in regular Leopard, but only in Snow Leopard does it produce this problem. It must therefore be down to the way it is configured.

    If you do "killall ssh-agent" after EACH time you type the RSA Private key unlock password, it will forget it again. But the program is automatically restarted each time you do this, so it's always one step behind you. Obviously not a very satisfactory workaround, but it does point the finger in the direction of a cure.
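
The agent behaviour described in post #10 can be checked and cleared with `ssh-add` instead of killing the agent. This is an added example, not code from the thread: it assumes the agent reachable through `SSH_AUTH_SOCK` is the one holding the unlocked key, and the function names and the `SSH_ADD` override are hypothetical.

```shell
#!/bin/sh
# Added example: inspect and flush keys held by ssh-agent.
# SSH_ADD is a hypothetical override (defaults to the real ssh-add) so the
# functions can be pointed at a stub when testing.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print the agent's state, based on the documented exit status of `ssh-add -l`:
#   0 = identities listed, 1 = agent has no identities, 2 = agent unreachable.
agent_state() {
    "$SSH_ADD" -l >/dev/null 2>&1 && rc=0 || rc=$?
    case "$rc" in
        0) echo cached ;;     # an unlocked key is held: no passphrase prompt
        1) echo empty ;;      # agent running but holding nothing
        2) echo no-agent ;;   # nothing is caching; ssh prompts every time
        *) echo error ;;
    esac
}

# Remove every identity from the agent (`ssh-add -D`), then re-check.
# Prints the resulting state; succeeds only if no key is left cached.
forget_keys() {
    state=$(agent_state)
    if [ "$state" = cached ]; then
        "$SSH_ADD" -D >/dev/null 2>&1 || return 1
        state=$(agent_state)
    fi
    echo "$state"
    [ "$state" != cached ]
}

# Typical use after finishing an SSH session:
#   agent_state      # "cached" confirms the agent is holding the key
#   forget_keys      # next ssh connection asks for the passphrase again
```

`forget_keys` only empties the running agent. If something re-adds the key on the next connection, the state returns to `cached` after that login.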
     
  11. twiztidsid13 macrumors newbie

    Joined:
    Oct 21, 2009
    Location:
    crapville, why you want to visit
    #11
    Didn't help

    I'm running Snow 10.6.1. My AirPort setup looks much different than what was shown in the start of this thread.

    We have 4 computers on one router, 3 of them being wireless and one Ethernet. 3 of them are PCs and I'm on the only Mac.

    I'm not sure what to do to make all the net work better. My mom's SuperDell is VERY slow, my gf's XPS laptop works about as well as mine, and my mom's HP is a little slower than our laptops.

    We have a Linksys WRT54G Ver.8

    If anyone can help, let me know
     
