ssh not authorizing though password is right

Discussion in 'macOS' started by prtc, Aug 25, 2010.

  1. prtc macrumors newbie

    Joined:
    Jan 26, 2009
    #1
    hello,

    i'm lost. i can't ssh to my mac anymore, it returns "Permission denied (publickey,password,keyboard-interactive)" although i'm sure i'm entering the right password. i tried to ssh locally too (ssh myusername@localhost), same result.

    it used to work and i don't remember fiddling with anything close to that. maybe a system update? running 10.5.8.

    thx for any help
     
  2. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #2

    Use ssh -vvv to get a lot of possibly helpful debugging info. Post here and maybe someone can help.
     
  3. larkost macrumors 6502a

    Joined:
    Oct 13, 2007
    #3
    The best troubleshooting step for this is to look in the secure.log on the computer you are trying to get into. That usually states the reason why the login was denied in pretty plain terms.
     
  4. prtc thread starter macrumors newbie

    Joined:
    Jan 26, 2009
    #4
    hello,

    secure.log says i failed password, but i'm pretty sure it is all right, it's the same i use to login or unlock screen all the time every day (or at least it used to be):

    $ tail /private/var/log/secure.log
    Aug 26 14:15:38 arya sshd[446]: Failed password for pcoelho from ::1 port 49367 ssh2
    Aug 26 14:16:08: --- last message repeated 2 times ---


    here goes the output from ssh -vvv:

    $ssh -vvv pcoelho@localhost
    OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: identity file /Users/pcoelho/.ssh/identity type -1
    debug3: Not a RSA1 key file /Users/pcoelho/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /Users/pcoelho/.ssh/id_rsa type 1
    debug1: identity file /Users/pcoelho/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
    debug1: match: OpenSSH_5.2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 125/256
    debug2: bits set: 493/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /Users/pcoelho/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 3
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /Users/pcoelho/.ssh/known_hosts:3
    debug2: bits set: 509/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /Users/pcoelho/.ssh/identity (0x0)
    debug2: key: /Users/pcoelho/.ssh/id_rsa (0x107ef0)
    debug2: key: /Users/pcoelho/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/pcoelho/.ssh/identity
    debug3: no such identity: /Users/pcoelho/.ssh/identity
    debug1: Offering public key: /Users/pcoelho/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /Users/pcoelho/.ssh/id_dsa
    debug3: no such identity: /Users/pcoelho/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,password,keyboard-interactive).
     
  5. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #5
    Is the user name exactly right? The password? No capitalization issues? Caps lock is off? No strange keyboard encodings?

    Not sure what else to suggest, except to change your passwords and then try ssh again with the new passwords.
     
  6. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #6
    Comparing the above to my ssh setup, it seems you are sending a speciific type of password packet, not a normal login password which would be signified as a keyboard-interactive password on the top line of the above quoted segment.

    Looking higher up in your -vvv segment, it shows the following...

    From the above I'm thinking maybe the ssh login is trying to use the above key with its matching password, not your system login password. If I were you I'd get rid of or better yet temporarily remove your identity and id_rsa files and see if you can login properly then.
     
  7. prtc thread starter macrumors newbie

    Joined:
    Jan 26, 2009
    #7
    i tried:

    - changing my password
    - deleting everything inside ~/.ssh
    - adding a new user with a stupid password and try to ssh with this user to localhost.

    everything failed.

    if it is the same result independently of the user, may i guess it has something to to with system-wide settings? i post them below.

    /etc/ssh_config:

    Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    PasswordAuthentication yes
    # HostbasedAuthentication no
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    # GSSAPIKeyExchange no
    # GSSAPITrustDNS no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes

    and /etc/sshd_config

    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2

    # HostKey for protocol version 1
    #HostKey /etc/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh_host_rsa_key
    #HostKey /etc/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024

    # Logging
    # obsoletes QuietMode and FascistLogging
    SyslogFacility AUTHPRIV
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # For this to work you will also need host keys in /etc/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here! Also,
    # remember to set the UsePAM setting to 'no'.
    PasswordAuthentication yes
    PermitEmptyPasswords no

    # SACL options
    #SACLSupport yes

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    # Also, PAM will deny null passwords by default. If you need to allow
    # null passwords, add the " nullok" option to the end of the
    # securityserver.so line in /etc/pam.d/sshd.
    UsePAM no

    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none

    # no default banner path
    #Banner none

    # override default of no subsystems
    Subsystem sftp /usr/libexec/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
     
  8. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #8
    Just to be clear, you were also unable to ssh into a machine other than localhost?

    To simplify testing, you could save a backup copy of your current ssh_config file and then try this modified one, which disables all authentication methods other than password. Try ssh -vvv with this new ssh_config in place:

    /etc/ssh_config:

    Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    RSAAuthentication no
    PasswordAuthentication yes
    # HostbasedAuthentication no
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no
    # GSSAPIKeyExchange no
    # GSSAPITrustDNS no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    # Protocol 2,1
    # Cipher 3des
    # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes


    By the way, you might want to disable RootLogin in sshd_config, as a security measure.
     
  9. prtc thread starter macrumors newbie

    Joined:
    Jan 26, 2009
    #9
    I do can ssh from my mac into my linux box.
    I can't ssh from my linux box into my mac, i get the same problem when i try ssh localhost on the mac.

    here it goes:

    : ssh -vvv pcoelho@localhost
    OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: identity file /Users/pcoelho/.ssh/identity type -1
    debug1: identity file /Users/pcoelho/.ssh/id_rsa type -1
    debug1: identity file /Users/pcoelho/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
    debug1: match: OpenSSH_5.2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 133/256
    debug2: bits set: 503/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /Users/pcoelho/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /Users/pcoelho/.ssh/known_hosts:1
    debug2: bits set: 518/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /Users/pcoelho/.ssh/identity (0x0)
    debug2: key: /Users/pcoelho/.ssh/id_rsa (0x0)
    debug2: key: /Users/pcoelho/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/pcoelho/.ssh/identity
    debug3: no such identity: /Users/pcoelho/.ssh/identity
    debug1: Trying private key: /Users/pcoelho/.ssh/id_rsa
    debug3: no such identity: /Users/pcoelho/.ssh/id_rsa
    debug1: Trying private key: /Users/pcoelho/.ssh/id_dsa
    debug3: no such identity: /Users/pcoelho/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    pcoelho@localhost's password:
    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,password,keyboard-interactive).


    I did, thanks.
     
  10. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #10
    Oh. Then we probably should be focusing on that sshd_config on the mac. Let me take another look. Maybe someone else can spot something too.

    By the way, did you keep a backup copy of the original sshd_config file, before you edited? If so, you can swap it back into place and test again.

    [EDIT] I guess it would make sense to disable all authentication options except password in that sshd_config file. Then reboot and try ssh -vvv to localhost again.
     
  11. prtc thread starter macrumors newbie

    Joined:
    Jan 26, 2009
    #11
    actually, is rebooting the only way to restart ssh daemon? i've been disabling and enabling remote login in system preferences to "restart" sshd. maybe i'm not really testing what i edited in the config files after all...
     
  12. Guiyon macrumors 6502a

    Joined:
    Mar 19, 2008
    Location:
    North Shore, MA
    #12
    I'd try removing the 'UsePAM no' line. IIRC, UsePAM defaults to yes on Mac OS X and that could be the reason why you can't login (no userdb/passdb backend!).
     
  13. LPZ macrumors 65816

    Joined:
    Jul 11, 2006
    #13
    That should also work to stop/start sshd.

    You recall correctly. Thanks.
     
  14. prtc thread starter macrumors newbie

    Joined:
    Jan 26, 2009
    #14
    it worked! many thx!!

    no idea why that line ended up there, or actually, what the heck userdb/passdb backend means, but that's less important... :)
     

Share This Page