How do I disable password based login for ssh

Question

Level 1

0 points

How do I disable password based login for ssh

Before upgrading to Mountain Lion I had setup my computer to allow remote login via SSH. Now that I have upgraded I can no longer login to my computer via SSH without specifying a password. How do I get back to not having to supply a password to login?

I created a user named `remotepair` and generated a RSA ssh key. I had setup password-less login to this user by adding the public keys of those who login to the ~/.ssh/authorized_keys file and the following settings in /etc/sshd_config

Protocol 2

PubkeyAuthentication yes

PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
AllowUsers remotepair

I also created a question on ServerFault about other issues I have with SSH. I solved the issue by doing a PRAM reset.

Since my settings are no longer working for password-less login, how do I enable password-less login to my Mountain Lion enable Mac?

SSHD-OTHER, OS X Mountain Lion

Posted on Aug 22, 2012 12:29 PM

Reply

Answer 1

Linc Davis

Level 10

209,547 points

Aug 23, 2012 7:01 AM in response to jjasonclark

Try to log in with "ssh -vvv" and post the output.

Reply

Answer 2

jjasonclark Author

Level 1

0 points

Aug 23, 2012 9:57 AM in response to Linc Davis

Output for ssh -vvv remotepair@home.jjasonclark.com

OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011

debug1: Reading configuration data /Users/jjasonclark/.ssh/config

debug1: Reading configuration data /usr/local/Cellar/openssh/5.9p1/etc/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to home.jjasonclark.com [50.47.10.153] port 22.

debug1: Connection established.

debug3: Incorrect RSA1 identifier

debug3: Could not load "/Users/jjasonclark/.ssh/id_rsa" as a RSA1 public key

debug1: identity file /Users/jjasonclark/.ssh/id_rsa type 1

debug1: identity file /Users/jjasonclark/.ssh/id_rsa-cert type -1

debug1: identity file /Users/jjasonclark/.ssh/id_dsa type -1

debug1: identity file /Users/jjasonclark/.ssh/id_dsa-cert type -1

debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa type -1

debug1: identity file /Users/jjasonclark/.ssh/id_ecdsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7

debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.9

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20

debug3: load_hostkeys: loaded 1 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-e xchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14

-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecd

sa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blow fish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.

liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blow fish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.

liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha

1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha

1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 125/256

debug2: bits set: 510/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA 80:b1:a1:11:8f:73:3a:bf:29:04:e9:70:18:d8:d5:cd

debug3: load_hostkeys: loading entries for host "home.jjasonclark.com" from file "/Users/jjasonclark/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "50.47.10.153" from file "/Users/jjasonclark/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /Users/jjasonclark/.ssh/known_hosts:20

debug3: load_hostkeys: loaded 1 keys

debug1: Host 'home.jjasonclark.com' is known and matches the RSA host key.

debug1: Found key in /Users/jjasonclark/.ssh/known_hosts:20

debug2: bits set: 475/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /Users/jjasonclark/.ssh/id_rsa (0x7fbb53c14d60)

debug2: key: /Users/jjasonclark/.ssh/github (0x7fbb53c15600)

debug2: key: /Users/jjasonclark/.ssh/id_dsa (0x0)

debug2: key: /Users/jjasonclark/.ssh/id_ecdsa (0x0)

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /Users/jjasonclark/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Offering RSA public key: /Users/jjasonclark/.ssh/github

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Trying private key: /Users/jjasonclark/.ssh/id_dsa

debug3: no such identity: /Users/jjasonclark/.ssh/id_dsa

debug1: Trying private key: /Users/jjasonclark/.ssh/id_ecdsa

debug3: no such identity: /Users/jjasonclark/.ssh/id_ecdsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

remotepair@home.jjasonclark.com's password:

Reply

Answer 3

jjasonclark Author

Level 1

0 points

Aug 23, 2012 10:01 AM in response to jjasonclark

The key it should be using is id_rsa.pub. I'm guessing when it says sending the public key for id_rsa that it really means its sending id_rsa.pub.

Reply

Answer 4

jjasonclark Author

Level 1

0 points

Aug 23, 2012 10:19 AM in response to jjasonclark

I have found the solution to the issue. The address I'm sshing to is really just a port forwarding machine. The standard port is being forwarded to a different machine than expected. When I specify the port number I get the correct computer and everything works fine.

Reply