
How to config ssh?

4792 Views 39 Replies Latest reply: Mar 12, 2013 5:49 PM by Ciarals
  • japamac Level 7 (24,390 points)
    Dec 31, 2012 4:54 PM (in response to liv04soccer)

    You're not a pain, you're just learning.

  • Alberto Ravasio Level 4 (3,160 points)
    Jan 1, 2013 3:01 AM (in response to liv04soccer)

    Get TextWrangler, it's a more user-friendly editor for you.

     

    I'll be back after lunch.

  • Alberto Ravasio Level 4 (3,160 points)
    Jan 1, 2013 4:50 AM (in response to liv04soccer)

    This step must be done on the Mac that will act as the SSH server, that is, the computer you are going to connect to from a remote computer, either on your LAN or anywhere in the world.

    It is up to you to correctly configure your router to accept requests from the Internet and forward them to the LAN IP address of the right computer.

     

    First of all make a copy of the original sshd_config.

     

    Open Terminal. Copy and paste the following line, hit return at the end

     

    sudo cp -p /etc/sshd_config /etc/sshd_config-original;ls -la /etc/sshd*
    

     

    Your output should look like this. Size (3698) and date/time may be different for you, nevertheless the 2 lines must be equal.

     

    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config

    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config-original

     


    iMac, OS X Mountain Lion (10.8.2), iMac12,1
  • Alberto Ravasio Level 4 (3,160 points)
    Jan 1, 2013 6:59 AM (in response to liv04soccer)

    Step 2 - Key pair

     

    You should generate the key pair on the computer that is used as client to connect to the SSH server.

    In reality it doesn't matter where you generate the keys, but for practical use do it on the client.

     

    The following instructions apply to the majority of Unixes, OS X included. I won't cover Windows here.

     

    Open Terminal. Copy and paste the line below. Hit return at the end

     

    ssh-keygen -t dsa

     

    Your output should look like this

     

    Generating public/private dsa key pair.
    Enter file in which to save the key (/Users/xxxx/.ssh/id_dsa): 
    Created directory '/Users/xxxx/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/xxxx/.ssh/id_dsa.
    Your public key has been saved in /Users/xxxx/.ssh/id_dsa.pub.
    The key fingerprint is:
    f9:08:6b:01:b8:03:9a:5e:3d:ce:d8:93:17:56:b3:eb xxxx@iMac.local
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |   .             |
    |. . .    o       |
    |.o ...  ..o      |
    |o o. oooS.       |
    |. ..= ++.o.      |
    | . . *o....      |
    |     .o .        |
    |         E       |
    +-----------------+
    

     

    What you get.

    A new hidden folder named .ssh will be created inside your home folder.

    .ssh contains 2 files

    • id_dsa (private key. Keep this file secure. Never give it to anyone)
    • id_dsa.pub (public key. It is useless without the private key)

     

    For security reasons you should provide a password (passphrase) that locks the private key. If you do, don't forget it.

     

    The last step is to copy the public key, id_dsa.pub, to the server. You can use a USB stick to facilitate the task.

     

    Once on the server drag and drop, from the USB stick, id_dsa.pub onto the Desktop.

    Open Terminal. Copy and paste the following line

     

    mkdir ~/.ssh;chmod 700 ~/.ssh;cat ~/Desktop/id_dsa.pub >> ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys
    

     

    You will probably get some errors if .ssh already exists on the SSH server. Don't worry about that.

    iMac, OS X Mountain Lion (10.8.2), iMac12,1
  • Alberto Ravasio Level 4 (3,160 points)
    Jan 1, 2013 8:32 AM (in response to liv04soccer)

    Step 3 - Edit sshd_config

     

    This must be done on the SSH server

     

    Open TextWrangler. File, Open, see the picture below to get to sshd_config. Steps are numbered from 1 to 6

    001.png

     

    When you try to edit the file, the following panel will pop up. Click Unlock

     

    002.png

     

    Search for the following 3 lines

     

    #PermitRootLogin yes

    #PasswordAuthentication no

    #ChallengeResponseAuthentication yes

     

    Change them to

     

    PermitRootLogin no

    PasswordAuthentication no

    ChallengeResponseAuthentication no

     

    To save the file you must provide your admin username and password

     

    003.png

     

    Close TextWrangler.

     

    You're done.

    Changes should be in place at once without further actions. To be sure, stop and restart Remote Login in System Preferences, Sharing.

     

    Testing time. Go to the ssh client

     

    Open Terminal. Type

     

    ssh user@sshserver

     

    Replace user with the username on the server and sshserver with the SSH server name or its IP address.

    If everything was fine you are connected to the ssh server and no password was required, except for your private key passphrase if you set it up, because the DSA private key worked that out for you.

    iMac, OS X Mountain Lion (10.8.2), iMac12,1
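
Added example (not part of the original posts): a POSIX shell check for the three directives changed in Step 3. It reads the global section of an sshd_config file and reports whether each one is effectively set to no; a line that still starts with # counts as unset. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# effective_value FILE KEYWORD
# Prints the value of the first uncommented KEYWORD line in the global section
# (sshd keeps the first value it reads), or "(default)" if there is none.
# Assumes the usual "Keyword value" form separated by whitespace.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/               { next }   # commented out: built-in default applies
        tolower($1) == "match"  { exit }   # Match blocks are conditional, stop here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# audit_sshd_config FILE
# One line per directive from Step 3; returns 1 if any is not explicitly "no".
audit_sshd_config() {
    rc=0
    for want in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        got=$(effective_value "$1" "$want")
        if [ "$got" = "no" ]; then
            echo "OK     $want no"
        else
            echo "CHECK  $want $got"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: Step 3 applied to two lines, one left commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$sample" || echo "review the lines marked CHECK"
rm -f "$sample"
```

On the server, call `audit_sshd_config /etc/sshd_config`; `sudo sshd -T` prints the configuration the daemon actually resolves.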
  • Alberto Ravasio Level 4 (3,160 points)
    Jan 8, 2013 1:05 PM (in response to liv04soccer)

    Did you create on the server the file ~/.ssh/authorized.keys with the client public key?

     

    Check my post Step 2 - Key pair again.

    iMac, OS X Mountain Lion (10.8.2), iMac12,1
  • Alberto Ravasio Level 4 (3,160 points)
    Jan 8, 2013 2:03 PM (in response to liv04soccer)

    On your MacPro open Terminal and issue

     

    ls -la ~/.ssh

     

    Post here the result

    iMac, OS X Mountain Lion (10.8.2), iMac12,1
  • Alberto Ravasio Level 4 (3,160 points)
    Jan 8, 2013 2:15 PM (in response to liv04soccer)

    If you run on the server in Terminal

     

    cat ~/.ssh/authorized_keys

     

    and on the client in Terminal

     

    cat ~/.ssh/id_dsa.pub

     

    are they exactly the same?

    iMac, OS X Mountain Lion (10.8.2), iMac12,1
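
Added example (not part of the original posts): the by-eye comparison asked for above, done as a POSIX shell check. It compares only the key type and base64 blob, so a differing trailing comment or leading options do not cause a false mismatch, and it flags group- or world-writable permissions, which sshd rejects when StrictModes is on. Paths are passed as arguments (OpenSSH's default AuthorizedKeysFile is .ssh/authorized_keys); the function names and the key strings are constructed, not real keys.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# key_blob FILE -> "type blob" for each key line, dropping options and comment
key_blob() {
    awk '$1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $i, $(i + 1); break }
    }' "$1"
}

# key_installed PUBFILE AUTHFILE
# 0 = key listed in AUTHFILE, 1 = not listed, 2 = a file is missing or empty
key_installed() {
    [ -f "$2" ] || { echo "missing: $2"; return 2; }
    want=$(key_blob "$1")
    [ -n "$want" ] || { echo "no key found in $1"; return 2; }
    if key_blob "$2" | grep -qxF "$want"; then
        echo "key present in $2"
    else
        echo "key NOT present in $2"
        return 1
    fi
}

# loose_perms PATH -> 0 if PATH is group- or world-writable
loose_perms() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo data (placeholder blobs, not usable keys).
demo=$(mktemp -d)
echo 'ssh-dss AAAAconstructedSAMPLEblob== xxxx@iMac.local' > "$demo/id_dsa.pub"
echo 'ssh-dss AAAAconstructedSAMPLEblob==' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
key_installed "$demo/id_dsa.pub" "$demo/authorized_keys" || true
if loose_perms "$demo/authorized_keys"; then echo "tighten with chmod 600"; fi
rm -rf "$demo"
```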
