39 Replies Latest reply: Mar 12, 2013 5:49 PM by Ciarals
  • 15. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    So I figured out how to view the config file, thanks to japamac, with the pico command. But I still don't know how to edit, back up or save the config file.

    So far I generated the DSA keys, but don't know what to do with them.

    Thank you both for all your help. Sorry again for being such a pain; I'm just not familiar with Terminal.

    Thanks, Alberto, for showing me how to generate DSA keys.

  • 16. Re: How to config ssh ?
    japamac Level 7 (24,390 points)

    You're not a pain, you're just learning.

  • 17. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    Get TextWrangler; it's a more user-friendly editor for you.

    I'll be back after lunch.

  • 18. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    This step must be done on the Mac that will act as the SSH server, that is, the computer you are going to connect to from a remote computer, either on your LAN or anywhere in the world.

    It is up to you to correctly configure your router to accept requests from the Internet and forward them to the computer at the right LAN IP address.

    First of all, make a copy of the original sshd_config.

    Open Terminal. Copy and paste the following line, then hit return at the end.

    sudo cp -p /etc/sshd_config /etc/sshd_config-original;ls -la /etc/sshd*

    Your output should look like this. Size (3698) and date/time may be different for you; nevertheless the 2 lines must be equal.

    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config
    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config-original


  • 19. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    Step 2 - Key pair

    You should generate the key pair on the computer that is used as the client to connect to the SSH server.

    In reality it doesn't matter where you generate the keys, but for practical use do it on the client.

    The following instructions apply to the majority of Unixes, OS X included. I won't cover Windows here.

    Open Terminal. Copy and paste the line below. Hit return at the end.

    ssh-keygen -t dsa

    Your output should look like this:

    Generating public/private dsa key pair.
    Enter file in which to save the key (/Users/xxxx/.ssh/id_dsa): 
    Created directory '/Users/xxxx/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/xxxx/.ssh/id_dsa.
    Your public key has been saved in /Users/xxxx/.ssh/id_dsa.pub.
    The key fingerprint is:
    f9:08:6b:01:b8:03:9a:5e:3d:ce:d8:93:17:56:b3:eb xxxx@iMac.local
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |   .             |
    |. . .    o       |
    |.o ...  ..o      |
    |o o. oooS.       |
    |. ..= ++.o.      |
    | . . *o....      |
    |     .o .        |
    |         E       |
    +-----------------+
    

     

    What you get:

    A new hidden folder named .ssh will be created inside your home folder.

    .ssh contains 2 files:

    • id_dsa (private key. Keep this file secure. Never give it to anyone)
    • id_dsa.pub (public key. It is useless without the private key)

    For security reasons you should provide a password (passphrase) that locks the private key. If you do, don't forget it.

    The last step is to copy the public key, id_dsa.pub, to the server. You can use a USB stick to facilitate the task.

    Once on the server, drag and drop id_dsa.pub from the USB stick onto the Desktop.

    Open Terminal. Copy and paste the following line

    mkdir ~/.ssh;chmod 700 ~/.ssh;cat ~/Desktop/id_dsa.pub >> ~/.ssh/authorized.keys;chmod 600 ~/.ssh/authorized.keys

    You will probably get some errors if .ssh already exists on the SSH server. Don't worry about that.

  • 20. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    Step 3 - Edit sshd_config

    This must be done on the SSH server.

    Open TextWrangler. File, Open, see the picture below to get to sshd_config. Steps are numbered from 1 to 6.

    [Image: 001.png]

    When you try to edit the file, the following panel will pop up. Click Unlock.

    [Image: 002.png]

    Search for the following 3 lines:

    #PermitRootLogin yes
    #PasswordAuthentication no
    #ChallengeResponseAuthentication yes

    Change them to:

    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no

    To save the file you must provide your admin username and password.

    [Image: 003.png]

    Close TextWrangler.

    You're done.

    Changes should be in place at once without further action. To be sure, stop and restart Remote Login in System Preferences, Sharing.

    Testing time. Go to the SSH client.

    Open Terminal. Type

    ssh user@sshserver

    Replace user with the username on the server and sshserver with the SSH server's name or its IP address.

    If everything went fine, you are connected to the SSH server and no password was required (except for your private key passphrase, if you set one up), because the DSA private key worked that out for you.
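
A way to confirm the Step 3 edit took effect, added here as an example and not part of the original post. It reads an sshd_config file the way OpenSSH does for global settings (commented lines ignored, first occurrence wins); `effective_value` and `audit_sshd_config` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the three directives
# edited in Step 3 are not effectively set to "no" in an sshd_config file.

# effective_value FILE KEYWORD
# Prints the value sshd takes from FILE's global section for KEYWORD:
# commented-out lines are skipped, keywords are case-insensitive, and the
# first uncommented occurrence wins. Parsing stops at the first Match block.
# Only whitespace-separated "Keyword value" lines are handled.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0        { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per directive that is not effectively "no"; prints nothing
# when all three match the settings given in Step 3.
audit_sshd_config() {
    for kw in PermitRootLogin PasswordAuthentication \
              ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        case $val in
            no) ;;
            "") echo "$kw: not set (commented out or absent), default applies" ;;
            *)  echo "$kw: set to '$val', expected 'no'" ;;
        esac
    done
    return 0
}

# Run against a real file when a path is given, e.g. /etc/sshd_config.
if [ $# -eq 1 ]; then
    audit_sshd_config "$1"
fi
```

No output means all three directives are uncommented and set to no; a line left with its leading # is reported as not set.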

  • 21. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    Thank you, thank you, thank you guys so much, this is very helpful. Thanks for the pictures and the wonderful guide; you don't know how happy you guys made me. This was bugging me for a while now. :) :) :) :) You guys rock.

  • 22. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    Everything seems to be working but when I try to connect from my client to my server, I am getting denied public key in Terminal.

  • 23. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    I am looking in Console and I do see that when I try to connect I get

    1/8/13 5:12:08 AM sandboxd[1271] sshd(1273) deny mach-per-user-lookup

  • 24. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    Did you create on the server the file ~/.ssh/authorized.keys with the client public key?

    Check again my post Step 2 - Key pair

  • 25. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    Yes, I generated the keys on the client computer. Then transferred the public key over to my Macpro, which is my server.

    Then I ran your command

    mkdir ~/.ssh;chmod 700 ~/.ssh;cat ~/Desktop/id_dsa.pub >> ~/.ssh/authorized.keys;chmod 600 ~/.ssh/authorized.keys

    And it came up with an error saying file exists, which you said to ignore.

  • 26. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    On your MacPro open Terminal and issue

    ls -la ~/.ssh

    Post here the result

  • 27. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    Here is what came up

    total 48
    drwx------   9 macpro  staff   306 Jan  8 04:00 .
    drwxr-xr-x+ 51 macpro  staff  1734 Jan  8 10:46 ..
    -rw-------@  1 macpro  staff  6148 Dec 31 16:03 .DS_Store
    -rw-------   1 macpro  staff   621 Jan  8 04:00 authorized.keys
    -rw-r--r--   1 macpro  staff     0 Dec 30 13:36 config
    -rw-------   1 macpro  staff   736 Dec 31 15:41 id_dsa
    -rw-r--r--   1 macpro  staff   616 Dec 31 15:41 id_dsa.pub
    drwxr-xr-x   5 macpro  staff   170 Dec 31 16:03 key_backup
    -rw-r--r--   1 macpro  staff   391 Dec 29 18:31 known_hosts

  • 28. Re: How to config ssh ?
    Alberto Ravasio Level 4 (3,175 points)

    If you do on the server in Terminal

    cat ~/.ssh/authorized.keys

    and on the client in Terminal

    cat ~/.ssh/id_dsa.pub

    are they exactly the same?

  • 29. Re: How to config ssh ?
    liv04soccer Level 1 (0 points)

    Yes they are the same.

    I generated keys on my server too when you were helping me out earlier in the post, so I don't know if that's conflicting with anything in the .ssh folder.

    Didn't know the keys had to be generated on the client computer.
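
A server-side check covering the key installation from Step 2 and the key comparison asked for above, added here as an example and not part of any post in the thread. It assumes stock OpenSSH settings (AuthorizedKeysFile .ssh/authorized_keys, StrictModes yes); `loose` and `check_pubkey_login` are hypothetical helper names, and file ownership is not checked.

```shell
#!/bin/sh
# Added example (not from the thread): checks to run on the SSH server when
# the client is refused with a public key error.
# Assumes stock OpenSSH settings: AuthorizedKeysFile .ssh/authorized_keys
# and StrictModes yes.

# loose PATH: true if PATH is writable by group or others.
loose() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# check_pubkey_login HOME_DIR PUBKEY_FILE
# Prints one finding per line; prints nothing when every check passes.
check_pubkey_login() {
    home=$1; pub=$2; dir=$home/.ssh; ak=$dir/authorized_keys
    [ -d "$dir" ] || { echo "missing-dir $dir"; return 0; }
    for p in "$home" "$dir"; do
        if loose "$p"; then echo "loose-perms $p"; fi
    done
    if [ ! -f "$ak" ]; then
        echo "missing-file $ak"
        # Similarly named files are not read under the assumed default.
        for f in "$dir"/authorized*; do
            if [ -e "$f" ]; then echo "not-read $f"; fi
        done
        return 0
    fi
    if loose "$ak"; then echo "loose-perms $ak"; fi
    # Field 2 of a .pub file is the base64 key blob.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$ak"; then
        echo "key-not-listed $pub"
    fi
    return 0
}

# Usage on the server: sh thisfile "$HOME" ~/Desktop/id_dsa.pub
if [ $# -eq 2 ]; then
    check_pubkey_login "$1" "$2"
fi
```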