Topic : SSH into OS X from cygwin fail: Permission denied, try again

Here's the output that I get when I run the ssh command with -vvv:


+user@xpmachine ~+
+$ ssh -vvv user@macmachine.com+
+OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008+
+debug1: Reading configuration data /etc/ssh_config+
+debug2: ssh_connect: needpriv 0+
+debug1: Connecting to macmachine.com[xxx.xxx.xxx.xxx] port 22.+
+debug1: Connection established.+
+debug1: identity file /home/user/.ssh/identity type -1+
+debug1: identity file /home/user/.ssh/id_rsa type -1+
+debug1: identity file /home/user/.ssh/id_dsa type -1+
+debug1: Remote protocol version 2.0, remote software version VShell_3_0_3_569 VS+
+****+
+debug1: no match: VShell_3_0_3_569 VShell+
+debug1: Enabling compatibility mode for protocol 2.0+
+debug1: Local version string SSH-2.0-OpenSSH_5.1+
+debug2: fd 3 setting O_NONBLOCK+
+debug1: SSH2_MSG_KEXINIT sent+
+debug1: SSH2_MSG_KEXINIT received+
+debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g+
+roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1+
+debug2: kex_parse_kexinit: ssh-rsa,ssh-dss+
+debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1+
+28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128- c+
+tr,aes192-ctr,aes256-ctr+
+debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1+
+28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128- c+
+tr,aes192-ctr,aes256-ctr+
+debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160+
+,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96+
+debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160+
+,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96+
+debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib+
+debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib+
+debug2: kex_parse_kexinit:+
+debug2: kex_parse_kexinit:+
+debug2: kex_parse_kexinit: first_kex_follows 0+
+debug2: kex_parse_kexinit: reserved 0+
+debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-excha+
+nge-sha1+
+debug2: kex_parse_kexinit: ssh-dss+
+debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish+
+-cbc,3des-cbc,arcfour+
+debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish+
+-cbc,3des-cbc,arcfour+
+debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96+
+debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96+
+debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none+
+debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none+
+debug2: kex_parse_kexinit:+
+debug2: kex_parse_kexinit:+
+debug2: kex_parse_kexinit: first_kex_follows 0+
+debug2: kex_parse_kexinit: reserved 0+
+debug2: mac_setup: found hmac-md5+
+debug1: kex: server->client aes128-cbc hmac-md5 none+
+debug2: mac_setup: found hmac-md5+
+debug1: kex: client->server aes128-cbc hmac-md5 none+
+debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent+
+debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP+
+debug2: dh_gen_key: priv key bits set: 116/256+
+debug2: bits set: 544/1025+
+debug1: SSH2_MSG_KEX_DH_GEX_INIT sent+
+debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY+
+debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts+
+debug3: check_host_in_hostfile: match line 1+
+debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts+
+debug3: check_host_in_hostfile: match line 1+
+debug1: Host 'macmachine.com' is known and matches the DSA host key.+
+debug1: Found key in /home/user/.ssh/known_hosts:1+
+debug2: bits set: 536/1025+
+debug1: ssh_dss_verify: signature correct+
+debug2: kex_derive_keys+
+debug2: set_newkeys: mode 1+
+debug1: SSH2_MSG_NEWKEYS sent+
+debug1: expecting SSH2_MSG_NEWKEYS+
+debug2: set_newkeys: mode 0+
+debug1: SSH2_MSG_NEWKEYS received+
+debug1: SSH2_MSG_SERVICE_REQUEST sent+
+debug2: service_accept: ssh-userauth+
+debug1: SSH2_MSG_SERVICE_ACCEPT received+
+debug2: key: /home/user/.ssh/identity (0x0)+
+debug2: key: /home/user/.ssh/id_rsa (0x0)+
+debug2: key: /home/user/.ssh/id_dsa (0x0)+
+debug1: Authentications that can continue: publickey,password+
+debug3: start over, passed a different list publickey,password+
+debug3: preferred publickey,keyboard-interactive,password+
+debug3: authmethod_lookup publickey+
+debug3: remaining preferred: keyboard-interactive,password+
+debug3: authmethod_is_enabled publickey+
+debug1: Next authentication method: publickey+
+debug1: Trying private key: /home/user/.ssh/identity+
+debug3: no such identity: /home/user/.ssh/identity+
+debug1: Trying private key: /home/user/.ssh/id_rsa+
+debug3: no such identity: /home/user/.ssh/id_rsa+
+debug1: Trying private key: /home/user/.ssh/id_dsa+
+debug3: no such identity: /home/user/.ssh/id_dsa+
+debug2: we did not send a packet, disable method+
+debug3: authmethod_lookup password+
+debug3: remaining preferred: ,password+
+debug3: authmethod_is_enabled password+
+debug1: Next authentication method: password+
+user@macmachine.com's password:+
+debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)+
+debug2: we sent a password packet, wait for reply+
+debug1: Authentications that can continue: publickey,password+
+Permission denied, please try again.+
+user@macmachine.com's password:+
+debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)+
+debug2: we sent a password packet, wait for reply+
+debug1: Authentications that can continue: publickey,password+
+Permission denied, please try again.+
+user@macmachine.com's password:+
+debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)+
+debug2: we sent a password packet, wait for reply+
+debug1: Authentications that can continue: publickey,password+
+debug2: we did not send a packet, disable method+
+debug1: No more authentication methods to try.+
+Permission denied (publickey,password).+

+user@xpmachine ~+
+$+

I will check into the permissions on the home side - that might be the root of the problem because I had bunch of errors when I initially installed cygwin and was attempting to configure ssh_host_config. It kept throwing errors saying the directory couldn't be written to. I chmod 777 the whole thing, so that may in fact be the issue. If it is the issue, how do I go about correcting/ what am I trying to change?

Thanks!

Understandable for sure - I think this is where my problem lies.

Without changing over to PuTTY just yet, what should I change the directory permissions to (and which directories need restrictive access)?

I'd like to keep cygwin for now, as I use it for some other things. (And I'm just getting the hang of it)

There is no ~/.ssh/authorized keys folder/file - should there be one if I haven't created one?

Also - what mode is 644?

The SACL setting on the mac is fine - 'user' is allowed admin access and is the account I use everyday on the mac.

Ok - yea, haven't set up public key authentication - will do so after I figure this out.

And as for understanding the permissions - I knew the basics, that 777 was all access - just from a little bit of tinkering via using ftp and web programming. I just ran through a quick explanation of permissions, so I think I have a better handle on it now.

So on the xp side of things with cygwin - some directories need more access, but which ones don't? I originally ran into problems installing it because it didn't have ENOUGH access.

Message was edited by: Tyrun

Alright, just tried using PuTTY on the xp machine to log into the mac.

Exact same problem. Connects, but I get "Access denied".

I'm really hoping this isn't something really dumb I'm forgetting. I've enabled 'user' remote login rights in the sharing part of the mac preferences.

I'm starting to wonder if it's not an issue with the mac side NAT/Firewall. The xp machine is my home machine which I have full control to setup/change the NAT/firewall. However the mac machine is at work at a large corporation where I don't have any control NATing the machine name correctly.

If the actual computer name is 'computer.company.com' when I try to log into it, will it necessarily be pointed to the mac machine? If not, what are my options? I've used Hamachi successfully, but only windows-windows. Anyone have any luck setting it up on an OS X intel machine?

HA!

I figured it out.

The problem: I couldn't connect correctly because the mac machine was not being NATed correctly.

The solution: Hamachi for a VPN (which works wonderfully through hard to network firewalls and networks). The initial setup on xp is a breeze, on Mac OS X - not so much. However, it can be done via command line setup.
The following links were helpful:
http://www.command-tab.com/2006/08/13/hamachi-on-mac-os-x/
http://files.hamachi.cc/osx/README

This is great - thanks everyone for your input and for helping me hash through this. I'm really starting to understand the power of forums and actually posting your problem, instead of googling for hours and hours and never finding the answer! Woohoo! :P