Don't use telnet!

Here is what I got when I did excatly what you described.

error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
error: Bad ownership or mode(0644) for '/etc/ssh_host_key'.
error: It is recommended that your private key files are NOT accessible by others.
error: Could not load host key: /etc/ssh_host_key: Undefined error: 0
Disabling protocol version 1
error: Could not load DSA host key: /etc/ssh_host_dsa_key
Disabling protocol version 2
sshd: no hostkeys available -- exiting.
sshd: no hostkeys available -- exiting.

What now?
 
Hmm... I don't remember having to do this, but what happened is that your keyfile is currently readable by all, which is bad, and SSHd don't like that.

Go to the terminal, and type "cd /etc". Type "su" to get root access, and enter your password.
Then type "chmod go-rwx ssh_host_key". This will make the file readable only by its owner, root.

SSHd should like you better now. Try to run it again.

Chris
 
Originally posted by Pascal
I have also been lost when it comes to encryption keys. Shouldn't the user know what that encryption key is ? Is that key personnal to me or to my computer ?

An encryption key is, as I understand it, basically a pair of huge, randomly generated prime numbers. I don't remember how it works exactly, but the fact that it is a pair is extremely important. One key is the public key, which anyone can have, and one is private, which only the owner of the key can have. When something is encrypted using the public key, the only way to read it again is to decrypt it using the private key, and vice versa. I'm not sure exactly how this applies to SSH, but I know that it works somehow. And it wouldn't help you to know what the encryption key is: it's just a big number. Also, a new encryption key will automatically be generated each hour, though for some reason you have to manually create thi first one.

What would happen if I entered a passphrase ?

I don't know. I just know that you're not supposed to. :)

Chris
 
Originally posted by jwalcik
where does /etc/hostconfig look for it's startup scripts?

Actually it is the other way around
/System/Library/StartupItems/
Are the startupscripts for OSX
In it's subfolder SSH you can find the one for SSH . You will see that it checks the hostconfig file if SSHSERVER=-YES-
 
It's finished, it's finished! It's finished! My new UNIVAC program. It's called "Boxes That Change Size And Have Info. In Them"! I've been locked in the basement for 30 years, and it works like a charm! I wrote it in binary. It works good. Who's the President now? And what's a Mac? I haven't spoken to a human being in 30 years except for the pizza guy, pardon me, pardon me.... wheeeze, cough cough.
 
I had to generate another Host_Key.
I added it to my hostconfig and all is well.

thnks to everybody for all you help.

joseph
 
I su to root. I went into my etc directory and typed "ssh-keygen -q -f ssh_host_key" It asked for a passphrase and i pressed enter. it asked again, and i pressed enter again. it went to to the command line. i typed sshd. then it gave me an error:
"error: Could not load DSA host key: /etc/ssh_host_dsa_key
Disabling protocol version 2"
What do i do now?
 
Does OS X come with a firewall ???
If so how can I configure it ??? (When I get the final release and my pppconnect actually works :p)
But seriously I am an intermediate unix user and I want to
know how to configure my firewall (if there is one)
Does apple plan to have a GUI utility for aiding people set
up their firewall ?

--> in the past I used linux for a year but nomatter what I did it would not recognize my internal 56K modem... never got online so I did not play with online stuff in linux :p <--


Admiral
 
http://www.versiontracker.com/moreinfo.fcgi?id=9103

Check that one out, a GUI for IPFW

I tried it, mucked up my apache and had to flush ipfw, but then, I know nothing about Unix :]

Try it people! Let me know how it turns out.

Regards,
Russ...
ruzz@mac.com
 
Ok,

now that we are knee deep in the issue...

I've been trying to connect in MacOS X with ssh... if I try that back in 9 using Nifty Telnet it works flawlessly. yeah.
but if i try to use ssh on X it warns me the destination host is not in the list of known hosts (or something like that).

I've checked the man pages but did not make much sense of them, anyway I checked out the 'suspicious' make-ssh-known-hosts perl script available on my system, but it does not work and I don't seem to find many docs on the issue. Do I have to manually get the public key of the destination host?

I can get the public host key first by connecting to the server with nifty in 9 and pasting back to a X config file, but I not so sure the format is the same...


Any ideas? Am I missing the obvious?

dani++
 
regarding my previous post... I was really missing the obvious.

just before building a known_hosts file by hand, i checked again ssh and when presented with the prompt:
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? y
Are you sure you want to continue connecting (yes/no)?

just answered 'yes' instead of 'y' or 'Y' and it just worked!!! *yes*, not *y* or *Y*! Sshit, ssh is really convoluted, isn't it!?! Someone should really modify the source and change that!

It then automatically retrieved the host public key and added it to my 'known_hosts' file... it would just have worked on the first try, so uncommon.


dani++
 
I came across a problem when I run sshd. Every time I run it, it tells me "error: Could not load DSA host key: /etc/ssh_host_dsa_key
Disabling protocol version 2"
How do I make a "DSA host key?" Has anyone had this problem?
 
Originally posted by fintler
It kind of annoys me that apple still doesn't have sshd running by default.

Running any network service by default is bad for system security. That includes sshd.

However, the plan going forward is that the UI controls for remote login will enable sshd instead of telnetd; telnet is deprecated in Mac OS X. ssh got into the Mac OS X build just before Beta shipped, so there wasn't much time to get everything else (like control panels) into place as well.
 
Originally posted by MeanGoat
Welcome to the wonderful world of Unix, try the man pages, apropos it.

The whole point of being a Mac user instead of a Unix user is that we don't wish to have to refer to man pages and edit config files. That is _so_ 20th century. Where's the Control Panel for it?
 
Originally posted by Tim Kelly
Originally posted by MeanGoat
Welcome to the wonderful world of Unix, try the man pages, apropos it.

The whole point of being a Mac user instead of a Unix user is that we don't wish to have to refer to man pages and edit config files. That is _so_ 20th century. Where's the Control Panel for it?

I'll write it as soon as someone teaches me some perl and objective C. I've got the motivation, but where are the easy as pie tutorials (atleast for Obj C). I learned java pretty easily, but where is the step by step walkthrough for Obj C? If the language is taught, and it is easy to learn, more people will learn to program on the mac, more programs will be produced, and the obvious conclusion is that apple buys out microsoft somewher aroun 2050.

F-bacher
 
Remember, I'm getting this from a FreeBSD box, but since they both use OpenSSH it should work fine..
extracted from /etc/rc.network on FreeBSD..

/etc/rc.network: if [ ! -f /etc/ssh/ssh_host_key ]; then
/etc/rc.network: echo ' creating ssh RSA host key';
/etc/rc.network: /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key

Okay..
Therefore, the following generates an RSA key as stated above..

ssh-keygen -N "" -f /etc/ssh_host_key

for DSA (ssh2):

/etc/rc.network: echo ' creating ssh DSA host key';
/etc/rc.network: /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key

Therefore again

ssh-keygen -d -N "" -f /etc/ssh_host_dsa_key


<BOLD>The Bottom Line!</BOLD>
SSH is enabled as previously stated using /etc/hostconfig as far as I know..

to generate host keys you must simply use these commands..

<BOLD>ssh-keygen -N "" -f /etc/ssh_host_key</BOLD>
<BOLD>ssh-keygen -d -N "" -f /etc/ssh_host_dsa_key</BOLD>

YOu shouldn't have to reboot after this, just start sshd manually by running the sshd binary which can be found using <BOLD>find / -name "sshd"</BOLD> assuming it's called sshd on OS X.. Anyway, i'm interested in trying out OS X so it probably means i'll end up buying a mac and using it then I might have some more useful input.. But I hope this helps everyone out :)

Cheers,
JD (geniusj@ods.org)
 
wsanchez wrote :
Running any network service by default is bad for system security. That includes sshd.

However, the plan going forward is that the UI controls for remote login will enable sshd instead of telnetd; telnet is deprecated in Mac OS X. ssh got into the Mac OS X build just before Beta shipped, so there wasn't much time to get everything else (like control panels) into place as well.
A comment by Mr Sanchez means that at least one person at Apple is actually reading these forums ! Great !!! That means that our comments, suggestions and fears are "at risk" of being taken into consideration !!! ;)
 
Okay, I edited my /etc/hostconfig file to enable ssh. No problem. I downloaded an ssh(1) client from F-Secure's webpage, installed it on my OS 8.6 machine, and it worked great. It generated some huge RSA key, I logged into my OS X box, and life was good. The only problem is, F-Secure's ssh client is a 30-day trial version, and buying the thing costs a hundred and twenty bucks! Which seems ridiculous, since the ssh SERVER is free.

So---does anyone know of a free or shareware SSH(1) client that will run under OS 9 or earlier?
 
Back
Top