Ssh

jdog

Not a Moderator
Has anyone else had any problems with SSH since they updated to 10.0.4? I cannot connect to localhost now. I tried the -1 option that I have seen, but that didn't help. And when I type sshd at the c.p. it says it cannot load the host keys. I tried to generate new keys but that did not help. This really pisses me off. Everything worked fine before the update.

-jdog
 
Are you running sshd at the CP, or was that just a typo? If you run sshd as non-root, it should complain, as the host keys are readable only to root. The startup scripts for ssh in /System/Library/StartupItems/SSH/ will generate any missing keys when necessary.
 
Good call, blb. When I run sshd or the SSH script as root, it doesn't complain. But I still can't ssh to localhost?

-jdog
 
One thing to try when debugging ssh problems is the -v switch:

ssh -v hostname

will print out extra debug info...you can also do 'ssh -v -v' and 'ssh -v -v -v' for tons & tons of stuff.

Is there any useful info when you try ssh -v?
 
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 501 anon 1
debug1: Trying again...
debug1: Trying again...
debug1: Trying again...
Secure connection to localhost refused.
debug1: writing PRNG seed to file /Users/jdog/.ssh/prng_seed

That seems to be the "meat" of what I get with verbose. What's the deal with the Rhosts thing? Have any ideas?

-jdog


 
The "Secure connection to localhost refused." says that sshd isn't running, or at least isn't accepting any connections. If it shows in a ps, something really odd happened; otherwise, a "sudo sshd" should fix that. And just to be thorough, on a reboot, "Allow remote login" is checked in the Sharing preferences, right?

As far as the rhosts thing, that allows authentication to be based entirely on your user name and the machine you're coming from (which can be spoofed, so is not secure). By default, this option is disabled in the server part of ssh, so it shouldn't matter whether the client enables or disables it.
 
When I run top, it shows sshd in the list. That's what I don't understand, why would sshd not be accepting connections? I tried reinstalling the patch to see if maybe something was not installed right, but it does the same thing.

-jdog:mad:
 
That's definitely odd. Does 'telnet localhost 22' connect and print:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_2.9p1

or

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused


If the first, I'm completely confused...if the second, then for some reason sshd isn't listening on the standard port. Has anything in /etc/sshd_config been changed by you or an app (specifically, the Port directive, which should be 22)? It looks as if /etc/sshd_config should have been overwritten by the 10.0.4 update, with a date of June 8.
 
HAHA, am I an idiot or what. I had added something to hostname in netinfo manager so that I would have an alias for my machine. After I did that, I could still ping localhost so I assumed it was being resolved ok. I even telneted to localhost on 22 and got the ssh prompt. But when I go in and change the stuff I had altered, it works. :) Don't I feel stupid.

Thanks for your help, blb!
-jdog
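
The checks walked through in this thread (does the name resolve, is anything listening on port 22, what banner comes back), as an added example that is not part of any poster's message. The function names `parse_banner` and `probe` are hypothetical, and the script goes slightly beyond the thread by trying every address the name resolves to rather than only the first.

```python
import socket

def parse_banner(line):
    """Split an SSH identification string 'SSH-<proto>-<software>' into fields."""
    parts = line.strip().split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        return None
    proto, software = parts[1], parts[2].split(" ")[0]
    # A server announcing 1.99 accepts both protocol 1 and protocol 2 clients
    # (RFC 4253); that is what the OpenSSH_2.9p1 banner in the thread shows.
    if proto == "1.99":
        protocols = ["1", "2"]
    elif proto.startswith("1."):
        protocols = ["1"]
    else:
        protocols = ["2"]
    return {"proto": proto, "software": software, "protocols": protocols}

def probe(host, port=22, timeout=3.0):
    """Try every address `host` resolves to; return (address, status, banner) tuples."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, "unresolvable: %s" % exc, None)]
    results = []
    for family, socktype, proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                with s.makefile("rb") as f:
                    line = f.readline(255).decode("ascii", "replace")
            banner = parse_banner(line)
            results.append((addr, "ssh" if banner else "open-not-ssh", banner))
        except ConnectionRefusedError:
            # Same condition as telnet's "Connection refused": nothing is listening here.
            results.append((addr, "refused", None))
        except OSError as exc:  # timeouts, unreachable networks, resets
            results.append((addr, "error: %s" % exc, None))
    return results

if __name__ == "__main__":
    for address, status, banner in probe("localhost"):
        print(address, status, banner)
```

A name that resolves to an unexpected address, or to several addresses with different results, points at name resolution rather than at sshd itself.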

 