SSH Hell... SSH Error "

[mar2194]

Hi,

So I've been using SSH for years, and am very familiar with it. Right now I want to setup my iMac so I can SSH into it from my computer at work, as I work on stuff at home and at work and SSH is simply the easiest way for me to access everything I need (files, applications, etc).

So, I have a number of questions:

After selecting enable remote login, etc (as I have done in the past and had it working) I then try to SSH into my iMac from a different computer on the same network. SSHing using verbose mode produces the following output:

Last login: Wed Dec 31 19:00:26 on console
Welcome to Darwin!
dyn-209-2-234-56:~ marshall$ ssh -vvv XXXXXX@dyn-river-XXX-245.dyn.columbia.edu OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to dyn-river-XXX-245.dyn.columbia.edu [160.39.XXX.245] port 22.
debug1: Connection established.
debug1: identity file /Users/marshall/.ssh/identity type -1
debug1: identity file /Users/marshall/.ssh/id_rsa type -1
debug1: identity file /Users/marshall/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
dyn-209-2-234-56:~ marshall$

?

Does anyone have a clue as to why I might be unable to SSH into my iMac? I know that port 22 is clear and open not only on my iMac but on the network as well (no network blocks on port 22). Also, I can SSH from my iMac into the other computer but not into my iMac. This was particularly frustrating because I recently went on a trip and needed access to my iMac... I had turned on SSH before I left but oops! Couldn't use it...

Is there a ssh preference file on my iMac somewhere that I need to fix?

 

[stomer]

You might want to open Console on your iMac and see what sshd is really complaining about.

BTW, I worked at a company that didn't completely block port 22 but would simply configure the firewall in such a way that the connections would be quickly dropped.

 

[mar2194]

Okay, well as I mentioned above on my network that the iMac is on I can SSH into a different computer (an old iBook setup for testing) but I cannot SSH into my iMac. I tried SSH from iBook to iMac, no go. From iMac to iBook, it works fine.


Another thing: About 2 weeks ago, I couldn't SSH into my iMac from a remote location, but could into the iBook. Someone HAS to have encountered this problem before. I feel like I deleted a file a long time ago when installing macports or something and that's how this all happened.

 

[angelwatt]

It looks like you're using the password-less method where it uses a private key. Perhaps the key has expired or something. These are usually stored in ~/.ssh/

I'm not at my Mac to look further as the file names.

 

[mar2194]

It looks like you're using the password-less method where it uses a private key. Perhaps the key has expired or something. These are usually stored in ~/.ssh/

I'm not at my Mac to look further as the file names.

What do you mean "password-less method" using a "private key"?

And the problem is with the server(iMac), not the client. The .ssh directory on my iMac (the server end) has a file known_hosts.tmp and that's it.

Anyone else have a clue?

 

[angelwatt]

What do you mean "password-less method" using a "private key"?

And the problem is with the server(iMac), not the client. The .ssh directory on my iMac (the server end) has a file known_hosts.tmp and that's it.

Anyone else have a clue?

The output you put in your post shows your ssh command, but doesn't show a line where it would have asked for your password, so I figured you were using the private key method, which allows connections without using a password each time.

The known_hosts file is one that stores the keys. Open it in a text editor and see if you can find a block that references the IP of the server you're connecting to. If so, you can try renaming the file and trying to connect again to see if it helps.

 

[stomer]

Make sure that your homedir does not have group write perms. Group write perms would stop you from logging in.

 

[mar2194]

Make sure that your homedir does not have group write perms. Group write perms would stop you from logging in.

So if I recursively remove all group permissions from my home directory, I should be able to SSH into my iMac?

 

[mar2194]

Okay removed group write permissions (not recursively) and still no go on the SSH... any OTHER ideas floating out there?

 

[LPZ]

Someone HAS to have encountered this problem before.

Lots of folks have. I assume you've Googled "ssh_exchange_identification: Connection closed by remote host". There are many hits, and many possible solutions.

Echoing stomer, I'd look at the log files on the server. Maybe try

cat /var/log/secure.log | grep "sshd"

in Terminal on the iMac. Any clues there?

Permissions on ~/.ssh should be

drwx------

 

[mar2194]

You might want to open Console on your iMac and see what sshd is really complaining about.

BTW, I worked at a company that didn't completely block port 22 but would simply configure the firewall in such a way that the connections would be quickly dropped.

Thanks for the advice! Now here's what I get (hopefully you can tell me what I need to change ) :


Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_rsa_key' are too open.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_rsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_rsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_dsa_key' are too open.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_dsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_dsa_key
Nov 8 18:51:56 dyn-river-XXX-245 sandboxd[4949]: sshd(4948) deny mach-per-user-lookup
Nov 8 18:51:58: --- last message repeated 4 times ---

 

[mar2194]

Permissions on ~/.ssh should be

drwx------

Those permissions were off and have now been fixed, will try to SSH in a moment...

 

[LPZ]

Thanks for the advice! Now here's what I get (hopefully you can tell me what I need to change ) :


Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_rsa_key' are too open.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_rsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_rsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_dsa_key' are too open.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_dsa_key
Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_dsa_key
Nov 8 18:51:56 dyn-river-XXX-245 sandboxd[4949]: sshd(4948) deny mach-per-user-lookup
Nov 8 18:51:58: --- last message repeated 4 times ---

You need to change permissions on those keys.

In Terminal, enter

cd /etc; sudo chmod 600 ssh_host_rsa_key ssh_host_dsa_key

Enter your password when requested. This will set the correct permissions on those key files.

 

[mar2194]

Okay I'm going to say it, I love you guys! <3

Sooo.... props go to stomer and LPZ (LPZ I figured it out while you were writing your post on my own).

Stomer get's props because I figured it out using output from console. I never really used console before... great thing to know about!

LPZ's last post is the solution to the problem.

Thanks so much, now I am finally going to be able to relax! It's been bothering me for almost two weeks now. So glad I used these forums!

Instead of 600 I changed the permissions first a-rwx, then u+rwx. Then I tried again... and it worked. Woohoo

Again, props to LPZ and stomer