Can't ssh into my own mac

Question

Level 1

0 points

Can't ssh into my own mac

I'm really banging my head against the wall with this one.

I can't seem to ssh into my own mac. I've made sure Remote Login is on and that the Firewall is allowing connections. I was starting to think it had something to do with Norton Antivirus 11 but I installed NAV 11 on a freshly built 10.5 mac and was able to ssh into it (from my mac and from that one). I also tried with 10.5.2, 10.5.4 and 10.5.5 with success.

It's as if port 22 keeps toggling off despite the GUI saying otherwise. Here's the message I get when I try to ssh into my own mac:

XXX-XXXXX:~ xxxxxxxx$ ssh -vvv 127.0.0.1
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host 127.0.0.1 port 22: Connection refused

I've got a Macbook Pro w/ CS3, NAV 11, Office 08, etc. Any ideas?

Macbook Pro, Mac OS X (10.5.5)

Posted on Dec 12, 2008 6:16 PM

Reply

Answer 1

Best reply

nerowolfe

Level 6

13,090 points

Dec 12, 2008 6:25 PM in response to Greg Lopez

Welcome to Apple Discussions:
My first and gut reaction would be to lose Norton, which, IMO is itself a virus.
ClamAV is fine for Macs and there are no virii anyway. Only malware that one has to invite onto the platform.

I have had similar problems, albeit in the PC world with similar products in which they would not always act the same way. Removing Norton completely is not an easy task and I suspect that it is the problem.
It may simply be that an uninstall/reinstall of Norton will fix things. I have no faith in Norton anymore.

You might create a new user and see if the ssh issue exists with the new user as well.

Reply

Answer 2

Tim Haigh

Level 7

24,198 points

Dec 13, 2008 6:15 AM in response to Greg Lopez

If the mac you want to be the ssh server is behind a router then you don't really need to use its built in application firewall.

The way to test ssh is to make sure your client and server are both on the same LAN turn off the built in firewalls.

Then engage the connection using the local ip of the server e.g 192.168.0.10 but make the login very verbose so you can see a full description of the login process.

eg

ssh -vvv user@192.168.0.10

If you dont specify a username make sure the account name your sshing from is has an account on the server with exactly the same name.

Reply

Answer 3

Dec 13, 2008 2:24 PM in response to Greg Lopez

G Lo wrote:
XXX-XXXXX:~ xxxxxxxx$ ssh -vvv 127.0.0.1

Who says sshd is listening on localhost?

Reply

Answer 4

BobHarris

Level 9

53,291 points

Dec 13, 2008 5:40 PM in response to Greg Lopez

I can *ssh 127.0.0.1* without any problems. I also have the same ssh version: "OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006". I'm using Mac OS X 10.5.5 on a MacBook.

Do you have a permissions problem?

If you $HOME directory is writable by Group or Other, ssh will start to get cranky.

If $HOME/.ssh is anything except drwx------, ssh will get cranky.

If some of the key files in $HOME/.ssh do not have the correct permissions, ssh will get cranky.

See *man ssh* for all the permissions ssh requires on key files.

Did you add anything to /etc/ssh_config that might change ssh behavior?

Did you add anything to /etc/sshd_config?

Have you tried disabling the firewall as an experiment?

Have you tried disabling NAV as an experiment?

Reply

Answer 5

Greg Lopez Author

Level 1

0 points

Dec 13, 2008 9:17 PM in response to BobHarris

I did an ls -la to check permissions and $HOME/.ssh permissions look like this:

drwx------ 3 xxxxxxx staff 102 Dec 4 19:14 .ssh

I haven't added anything to /etc/sshd_config. I have tried to disable the firewall (through GUI) and have disabled NAV to no avail.

I'm thinking of reinstalling NAV 11 to see if it will work. I can't use a different AV due to office policy.

I'm still learning unix so any other commands you could suggest would be appreciated. 🙂

Reply

Answer 6

BobHarris

Level 9

53,291 points

Dec 14, 2008 8:21 AM in response to Greg Lopez

Can you ssh into your Mac from another system?

Have you tried:


ssh localhost

Do you have anything strange in /etc/hosts ? I would expect to see somthing like:


127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost 
fe80::1%lo0 localhost

it is the 127.0.0.1 line I'm thinking about.

But also notice there are other localhost entries for IPv6, so using localhost works, but 127.0.0.1 does not, then maybe it is an IPv4 problem, and IPv6 is working for localhost.

Do you have IPv6 enabled? As an experiment ONLY try disabling IPv6. You can turn it back on after the experiment. This may be a bit of old folklore, but in a previous Mac OS X version (Panther I think), IPv6 and ssh did not play well together. It think it has been resolved since then, so I'm just throwing this out as ideas at this point.
System Preferences -> Network -> Advanced -> IPv6 -> Off
Like I said, you can turn it back on if this experiment doesn't change anything.

Reply

Answer 7

Greg Lopez Author

Level 1

0 points

Dec 15, 2008 12:07 PM in response to BobHarris

Got it!

The problem was NAV 11. I ended up uninstalling and shutting down. I was able to ssh in after I booted up. Then I reinstalled NAV 11 but couldn't connect through ssh after the install. In NAV 11 prefs, I turned on Auto-Protect and Vulnerabilty Protection and then rebooted. I was able to ssh in after the reboot.

Thanks to those who helped!

Reply

Answer 8

Greg Lopez Author

Level 1

0 points

Dec 15, 2008 12:13 PM in response to nerowolfe

nerowolfe probably most deserves credit.

The problem was NAV 11. I ended up uninstalling and shutting down. I was able to ssh in after I booted up. Then I reinstalled NAV 11 but couldn't connect through ssh after the install. In NAV 11 prefs, I turned on Auto-Protect and Vulnerabilty Protection and then rebooted. I was able to ssh in after the reboot.

Thanks to those who helped!

Reply

Answer 9

Greg Lopez Author

Level 1

0 points

Dec 17, 2008 11:45 AM in response to Greg Lopez

Just a follow-up:

It appears NAV 11 changes some preferences around which contribute to not being able to ssh into my mac. If after NAV 11 reinstall you still have issues, try running Disk Utility>Repair permissions in order to
fix. Here is my log:

Repairing permissions for ³Macintosh HD²
Reading permissions database.
Reading the permissions database can take several minutes.

User differs on "private/etc/hostconfig", should be 0, user is 99.
Group differs on "private/etc/hostconfig", should be 0, group is 99.
User differs on "System/Library/LaunchDaemons/ssh.plist", should be 0, user
is 99.
Group differs on "System/Library/LaunchDaemons/ssh.plist", should be 0,
group is 99.
Group differs on "private/etc/cups", should be 0, group is 26.
Permissions differ on "private/var/spool/cups/cache/rss", should be
drwxr-xr-x , they are drwxrwxr-x .

Permissions repair complete

Reply

Answer 10

sfelix

Level 1

0 points

Jan 29, 2009 6:38 PM in response to nerowolfe

Hi nerowolfe,

i'm also having the same issue but perhaps for slightly different reasons. I can't use ssh to connect to any server and i am not using NAV, my firewall is disabled. I first noticed this after I installed the 10.5.6 update. Any ideas would be appreciated, this is quite aggravating. Thanks.

Reply

Answer 11

Feb 8, 2009 1:12 PM in response to sfelix

An easy test to see if it is a connectivity issue:
- on the machine you are trying to connect to: ssh localhost
- on the machine you are trying to connect from (replace hostname with the name/address): telnet hostname 22

If the former works, but not the latter then there are chances it is a connectivity issue. If the former does not work then ssh is not running on the remote server. You could also try pinging the machine to see if it responds.

Reply