SSH Hell... SSH Error "

Discussion in 'macOS' started by mar2194, Nov 7, 2010.

  1. mar2194 macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #1
    Hi,

    So I've been using SSH for years, and am very familiar with it. Right now I want to setup my iMac so I can SSH into it from my computer at work, as I work on stuff at home and at work and SSH is simply the easiest way for me to access everything I need (files, applications, etc).

    So, I have a number of questions:

    After selecting enable remote login, etc (as I have done in the past and had it working) I then try to SSH into my iMac from a different computer on the same network. SSHing using verbose mode produces the following output:

    Last login: Wed Dec 31 19:00:26 on console
    Welcome to Darwin!
    dyn-209-2-234-56:~ marshall$ ssh -vvv XXXXXX@dyn-river-XXX-245.dyn.columbia.edu OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to dyn-river-XXX-245.dyn.columbia.edu [160.39.XXX.245] port 22.
    debug1: Connection established.
    debug1: identity file /Users/marshall/.ssh/identity type -1
    debug1: identity file /Users/marshall/.ssh/id_rsa type -1
    debug1: identity file /Users/marshall/.ssh/id_dsa type -1
    ssh_exchange_identification: Connection closed by remote host
    dyn-209-2-234-56:~ marshall$

    ?

    Does anyone have a clue as to why I might be unable to SSH into my iMac? I know that port 22 is clear and open not only on my iMac but on the network as well (no network blocks on port 22). Also, I can SSH from my iMac into the other computer but not into my iMac. This was particularly frustrating because I recently went on a trip and needed access to my iMac... I had turned on SSH before I left but oops! Couldn't use it...

    Is there a ssh preference file on my iMac somewhere that I need to fix?
     
  2. stomer macrumors 6502a

    Joined:
    Apr 2, 2007
    Location:
    Leeds, UK
    #2
    You might want to open Console on your iMac and see what sshd is really complaining about.

    BTW, I worked at a company that didn't completely block port 22 but would simply configure the firewall in such a way that the connections would be quickly dropped.
     
  3. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #3
    Okay, well as I mentioned above on my network that the iMac is on I can SSH into a different computer (an old iBook setup for testing) but I cannot SSH into my iMac. I tried SSH from iBook to iMac, no go. From iMac to iBook, it works fine.


    Another thing: About 2 weeks ago, I couldn't SSH into my iMac from a remote location, but could into the iBook. Someone HAS to have encountered this problem before. I feel like I deleted a file a long time ago when installing macports or something and that's how this all happened.
     
  4. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
    It looks like you're using the password-less method where it uses a private key. Perhaps the key has expired or something. These are usually stored in ~/.ssh/

    I'm not at my Mac to look further as the file names.
     
  5. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #5
    What do you mean "password-less method" using a "private key"?

    And the problem is with the server(iMac), not the client. The .ssh directory on my iMac (the server end) has a file known_hosts.tmp and that's it.

    Anyone else have a clue?
     
  6. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #6
    The output you put in your post shows your ssh command, but doesn't show a line where it would have asked for your password, so I figured you were using the private key method, which allows connections without using a password each time.

    The known_hosts file is one that stores the keys. Open it in a text editor and see if you can find a block that references the IP of the server you're connecting to. If so, you can try renaming the file and trying to connect again to see if it helps.
     
  7. stomer macrumors 6502a

    Joined:
    Apr 2, 2007
    Location:
    Leeds, UK
    #7
    Make sure that your homedir does not have group write perms. Group write perms would stop you from logging in.
     
  8. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #8
    So if I recursively remove all group permissions from my home directory, I should be able to SSH into my iMac?
     
  9. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #9
    Okay removed group write permissions (not recursively) and still no go on the SSH... any OTHER ideas floating out there?
     
  10. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #10
    Lots of folks have. I assume you've Googled "ssh_exchange_identification: Connection closed by remote host". There are many hits, and many possible solutions.

    Echoing stomer, I'd look at the log files on the server. Maybe try

    Code:
    cat /var/log/secure.log | grep "sshd"
    in Terminal on the iMac. Any clues there?

    Permissions on ~/.ssh should be

    Code:
    drwx------
     
  11. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #11
    Thanks for the advice! Now here's what I get (hopefully you can tell me what I need to change :) ) :


    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_rsa_key' are too open.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_rsa_key
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_rsa_key
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Permissions 0666 for '/etc/ssh_host_dsa_key' are too open.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: It is recommended that your private key files are NOT accessible by others.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: This private key will be ignored.
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: bad permissions: ignore key: /etc/ssh_host_dsa_key
    Nov 8 18:51:55 dyn-river-XXX-245 sshd[4947]: error: Could not load host key: /etc/ssh_host_dsa_key
    Nov 8 18:51:56 dyn-river-XXX-245 sandboxd[4949]: sshd(4948) deny mach-per-user-lookup
    Nov 8 18:51:58: --- last message repeated 4 times ---
     
  12. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #12
    Those permissions were off and have now been fixed, will try to SSH in a moment...
     
  13. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #13
    You need to change permissions on those keys.

    In Terminal, enter

    Code:
    cd /etc; sudo chmod 600 ssh_host_rsa_key ssh_host_dsa_key
    Enter your password when requested. This will set the correct permissions on those key files.
     
  14. mar2194 thread starter macrumors member

    mar2194

    Joined:
    Feb 22, 2010
    Location:
    Los Angeles, CA
    #14
    Okay I'm going to say it, I love you guys! <3 :)

    Sooo.... props go to stomer and LPZ (LPZ I figured it out while you were writing your post on my own).

    Stomer get's props because I figured it out using output from console. I never really used console before... great thing to know about!

    LPZ's last post is the solution to the problem.

    Thanks so much, now I am finally going to be able to relax! It's been bothering me for almost two weeks now. So glad I used these forums!

    Instead of 600 I changed the permissions first a-rwx, then u+rwx. Then I tried again... and it worked. Woohoo

    Again, props to LPZ and stomer
     

Share This Page