
Passwordless SSH into MacOS Ventura 13.1

I am a bit new to terminal commands, so I am struggling a bit with passwordless SSH for rsync. I have an Unraid server which wants to connect to macOS for rsync backup work (copy from macOS to Unraid), but I cannot make macOS use SSH keys. The SSH public keys are in authorized_keys, but macOS does not seem to use them somehow. Please help!

Mac Studio, macOS 13.1

Posted on Mar 7, 2023 6:49 PM


Mar 7, 2023 8:43 PM in response to Linh82

Using

ssh-keygen -t ed25519

answer each prompt with just the return key.

That will create a passwordless SSH id_ed25519 and id_ed25519.pub key pair.

Copy both keys to the Unraid server into the account’s $HOME/.ssh/ directory.

Append the contents of the id_ed25519.pub file to the authorized_keys file in the Mac account’s $HOME/.ssh/ directory.

You need to use ed25519-based keys, because Ventura is using OpenSSH v8, which has deprecated RSA keys.

Mar 7, 2023 9:41 PM in response to BobHarris

It did not work, unfortunately. It still prompts for a password when I SSH. The new public key is in the authorized_keys file (after using ssh-copy-id) [ssh-ed25519 AAAA.......]


I also want to mention that when I SSH into my Mac, it says the following:

hostfile_replace_entries: link /root/.ssh/known_hosts to /root/.ssh/known_hosts.old: Operation not permitted

update_known_hosts: hostfile_replace_entries failed for /root/.ssh/known_hosts: Operation not permitted


Is this relevant? Is there a permission issue somewhere?
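
On the permission question, as an added example that is not part of the original thread: with StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the account's home directory, its .ssh directory or the file itself is writable by group or others, or is owned by someone other than the account or root. The function name check_ssh_perms and its output labels are made up for this sketch; it is meant to be run on the Mac that receives the connection.

```shell
#!/bin/sh
# Added example: report what sshd's StrictModes check would object to.
# Usage on the receiving machine:  check_ssh_perms "$HOME"
# Prints one line per problem and returns the number of problems found.
check_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}    # uid that should own the files (assumed: current user)
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            problems=$((problems + 1))
            continue
        fi
        # Writable by group or others: sshd will not trust the key file.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p  (fix: chmod go-w \"$p\")"
            problems=$((problems + 1))
        fi
        # Owned by neither the account nor root (uid 0).
        if [ -z "$(find "$p" -prune \( -user "$owner" -o -user 0 \))" ]; then
            echo "OWNER     $p  (fix: chown $owner \"$p\")"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

A return value of 0 means none of the three paths would be rejected on these grounds, so the cause has to be looked for elsewhere.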

Mar 8, 2023 2:08 AM in response to BobHarris

Here is the log of the SSH request:


OpenSSH_9.1p1, OpenSSL 1.1.1s 1 Nov 2022

debug1: Reading configuration data /root/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling

debug1: Connecting to 192.168.0.32 [192.168.0.32] port 22.

debug1: Connection established.

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_rsa-cert type -1

debug1: identity file /root/.ssh/id_ecdsa type -1

debug1: identity file /root/.ssh/id_ecdsa-cert type -1

debug1: identity file /root/.ssh/id_ecdsa_sk type -1

debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1

debug1: identity file /root/.ssh/id_ed25519 type 3

debug1: identity file /root/.ssh/id_ed25519-cert type -1

debug1: identity file /root/.ssh/id_ed25519_sk type -1

debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1

debug1: identity file /root/.ssh/id_xmss type -1

debug1: identity file /root/.ssh/id_xmss-cert type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: identity file /root/.ssh/id_dsa-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_9.1

debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0

debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000

debug1: Authenticating to 192.168.0.32:22 as 'nhatlinh'

debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com

debug1: kex: host key algorithm: ssh-ed25519

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: SSH2_MSG_KEX_ECDH_REPLY received

debug1: Server host key: ssh-ed25519 SHA256:vqIyP5YEHxnF1oRq1yJPq0dLHiID7QKDa8Kx7XYhBFs

debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory

debug1: Host '192.168.0.32' is known and matches the ED25519 host key.

debug1: Found key in /root/.ssh/known_hosts:1

debug1: rekey out after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: rekey in after 134217728 blocks

debug1: Will attempt key: /root/.ssh/id_rsa

debug1: Will attempt key: /root/.ssh/id_ecdsa

debug1: Will attempt key: /root/.ssh/id_ecdsa_sk

debug1: Will attempt key: /root/.ssh/id_ed25519 ED25519 SHA256:tuTRM7e1l4gp19VqZfiRBun2+Y/i4KvWKt0cGqNCvq0

debug1: Will attempt key: /root/.ssh/id_ed25519_sk

debug1: Will attempt key: /root/.ssh/id_xmss

debug1: Will attempt key: /root/.ssh/id_dsa

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/id_rsa

debug1: Trying private key: /root/.ssh/id_ecdsa

debug1: Trying private key: /root/.ssh/id_ecdsa_sk

debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:tuTRM7e1l4gp19VqZfiRBun2+Y/i4KvWKt0cGqNCvq0

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Trying private key: /root/.ssh/id_ed25519_sk

debug1: Trying private key: /root/.ssh/id_xmss

debug1: Trying private key: /root/.ssh/id_dsa

debug1: Next authentication method: keyboard-interactive
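
How to read the public-key part of a log like this one, as an added example that is not part of the original thread: a key the server takes is followed by a "Server accepts key:" line, while an "Offering public key:" line followed directly by "Authentications that can continue:" means the server turned that key down. The function name pubkey_attempts and its output labels are made up for this sketch; SAMPLE_LOG holds lines copied from the log above.

```shell
#!/bin/sh
# Added example: summarise public-key attempts in `ssh -v` output read from stdin.
# Prints ACCEPTED / REJECTED / NO-REPLY for each key the client offered and
# FALLBACK when the client moves on to another authentication method.
# Returns 0 if the server accepted at least one key, 1 otherwise.

# Lines copied from the log posted above (abridged).
SAMPLE_LOG='debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:tuTRM7e1l4gp19VqZfiRBun2+Y/i4KvWKt0cGqNCvq0
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug1: Next authentication method: keyboard-interactive'

pubkey_attempts() {
    awk '
        # Print the verdict for the key that is waiting for a server reply.
        function emit(verdict) {
            if (pending != "") print verdict " " pending
            pending = ""
        }
        # $5 is the key path, $7 its fingerprint.
        /^debug1: Offering public key: /               { emit("NO-REPLY"); pending = $5 " " $7; next }
        /^debug1: Server accepts key: /                { emit("ACCEPTED"); ok = 1; next }
        /^debug1: Authentications that can continue: / { emit("REJECTED"); next }
        /^debug1: Next authentication method: / && $5 != "publickey" { print "FALLBACK " $5 }
        END { emit("NO-REPLY"); exit(ok ? 0 : 1) }
    '
}
```

Feeding it the sample with `printf '%s\n' "$SAMPLE_LOG" | pubkey_attempts` reports the id_ed25519 key as REJECTED followed by the fallback to keyboard-interactive, which places the refusal on the receiving side rather than in the client's choice of key.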
