39 Replies Latest reply: Mar 12, 2013 5:49 PM by Ciarals
  • liv04soccer Level 1

    So I figured out how to view the config file thanks to japamac with the pico command. But I still don't know how to edit, back up or save the config file.


    So far I generated the DSA keys, but don't know what to do with them.


    Thank you both for all your help. Sorry again for being such a pain, just not familiar with Terminal.


    Thanks Alberto for showing me how to generate DSA keys.

  • japamac Level 7

    You're not a pain, you're just learning.

  • Alberto Ravasio Level 5

    Get TextWrangler, it's a more user-friendly editor for you.


    I'll be back after lunch.

  • Alberto Ravasio Level 5

    This step must be done on the Mac that will act as SSH server, that is the computer you are going to connect to from a remote computer, either on your LAN or anywhere in the world.


    It is up to you to correctly configure your router to accept requests from the Internet and forward them to the right computer's LAN IP address.


    First of all make a copy of the original sshd_config.


    Open Terminal. Copy and paste the following line and hit return at the end.


    sudo cp -p /etc/sshd_config /etc/sshd_config-original;ls -la /etc/sshd*


    Your output should look like this. Size (3698) and date/time may be different for you, nevertheless the 2 lines must be equal.


    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config

    -rw-r--r--  1 root  wheel  3698  8 Dic 11:56 sshd_config-original


  • Alberto Ravasio Level 5

    Step 2 - Key pair


    You should generate the key pair on the computer that is used as client to connect to the SSH server.

    In reality it doesn't matter where you generate the keys, but for practical use do it on the client.


    The following instructions apply to the majority of Unixes, OS X included. I won't cover Windows here.


    Open Terminal. Copy and paste the line below. Hit return at the end.


    ssh-keygen -t dsa


    Your output should look like this


    Generating public/private dsa key pair.
    Enter file in which to save the key (/Users/xxxx/.ssh/id_dsa): 
    Created directory '/Users/xxxx/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/xxxx/.ssh/id_dsa.
    Your public key has been saved in /Users/xxxx/.ssh/
    The key fingerprint is:
    f9:08:6b:01:b8:03:9a:5e:3d:ce:d8:93:17:56:b3:eb xxxx@iMac.local
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |   .             |
    |. . .    o       |
    |.o ...  ..o      |
    |o o. oooS.       |
    |. ..= ++.o.      |
    | . . *o....      |
    |     .o .        |
    |         E       |


    What you get:

    Inside your home folder a new hidden folder named .ssh will be created.

    .ssh contains 2 files

    • id_dsa (private key. Keep this file secure. Never give it to anyone)
    • (public key. It is useless without the private key)


    For security reasons you should provide a password (passphrase) that locks the private key. If you do, don't forget it.


    Last step, is to copy the public key,, on the server. You can use a USB stick to facilitate the task.


    Once on the server drag and drop, from the USB stick, onto the Desktop.

    Open Terminal. Copy and paste the following line


    mkdir ~/.ssh;chmod 700 ~/.ssh;cat ~/Desktop/ >> ~/.ssh/authorized.keys;chmod 600 ~/.ssh/authorized.keys


    You will probably get some errors if .ssh already exists on the SSH server. Don't worry about that.

  • Alberto Ravasio Level 5

    Step 3 - Edit sshd_config


    This must be done on the SSH server


    Open TextWrangler. File, Open, see the picture below to get to sshd_config. Steps are numbered from 1 to 6



    When you try to edit the file, the following panel will pop up. Click Unlock




    Search for the following 3 lines


    #PermitRootLogin yes

    #PasswordAuthentication no

    #ChallengeResponseAuthentication yes


    Change them to


    PermitRootLogin no

    PasswordAuthentication no

    ChallengeResponseAuthentication no


    To save the file you must provide your admin username and password




    Close TextWrangler.


    You're done.

    Changes should be in place at once without further actions. To be sure, stop and restart Remote Login in System Preferences, Sharing.


    Testing time. Go to the ssh client


    Open Terminal. Type


    ssh user@sshserver


    Replace user with the username on the server and sshserver with the SSH server's name or its IP address.

    If everything was fine you are connected to the ssh server and no password was required, except for your private key passphrase if you set it up, because the DSA private key worked that out for you.
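
A check for the Step 3 edit, added here as an example and not part of the original posts: sshd ignores any line that starts with `#` and uses the first uncommented occurrence of a keyword, so this script reports what the three directives resolve to in a given file. The function names and the sample file are constructed for illustration; `Keyword=value` syntax and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the value sshd would read for the Step 3 directives.

# effective_value FILE KEYWORD -> first uncommented value, or "unset"
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                 # commented lines have no effect
        tolower($1) == "match" { exit }     # global section ends at the first Match
        tolower($1) == tolower(want) {      # keywords are case-insensitive
            print $2; found = 1; exit       # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if all three are explicitly "no"
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "CHECK $kw is '$val' (expected an uncommented 'no')"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a half-edited file with one '#' left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config still needs editing"
```

On the server itself, point `audit_sshd_config` at `/etc/sshd_config`; `sudo sshd -T` prints the configuration sshd actually resolved, including built-in defaults.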

  • liv04soccer Level 1

    Thank you, thank you, thank you guys so much, this is very helpful. Thanks for the pictures and the wonderful guide, you don't know how happy you guys made me. This was bugging me for a while now. :) :) :) :) You guys rock.

  • liv04soccer Level 1

    Everything seems to be working but when I try to connect from my client to my server, I am getting denied public key in Terminal.

  • liv04soccer Level 1

    I am looking in Console and I do see that when I try to connect I get  

    1/8/13 5:12:08 AM  sandboxd[1271]  sshd(1273) deny mach-per-user-lookup

  • Alberto Ravasio Level 5

    Did you create on the server the file ~/.ssh/authorized.keys with the client public key?


    Check again my post Step 2 - Key pair

  • liv04soccer Level 1

    Yes I generated the keys on the client computer. Then transferred the public key over to my Macpro which is my server.


    Then I ran your command


    mkdir ~/.ssh;chmod 700 ~/.ssh;cat ~/Desktop/ >> ~/.ssh/authorized.keys;chmod 600 ~/.ssh/authorized.keys


    And it came up with an error saying file exists, which you said to ignore.

  • Alberto Ravasio Level 5

    On your MacPro open Terminal and issue


    ls -la ~/.ssh


    Post here the result

  • liv04soccer Level 1

    Here is what came up



    total 48

    drwx------   9 macpro  staff   306 Jan  8 04:00 .

    drwxr-xr-x+ 51 macpro  staff  1734 Jan  8 10:46 ..

    -rw-------@  1 macpro  staff  6148 Dec 31 16:03 .DS_Store

    -rw-------   1 macpro  staff   621 Jan  8 04:00 authorized.keys

    -rw-r--r--   1 macpro  staff     0 Dec 30 13:36 config

    -rw-------   1 macpro  staff   736 Dec 31 15:41 id_dsa

    -rw-r--r--   1 macpro  staff   616 Dec 31 15:41

    drwxr-xr-x   5 macpro  staff   170 Dec 31 16:03 key_backup

    -rw-r--r--   1 macpro  staff   391 Dec 29 18:31 known_hosts
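
A sanity check for a server-side `.ssh` directory like the one listed above, added here as an example and not part of the original posts. It assumes sshd's default `AuthorizedKeysFile` (`.ssh/authorized_keys`) and `StrictModes`, under which files writable by group or others are refused; the function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files sshd consults for public key login.

loose() {   # true if group or others can write to $1
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

audit_ssh_dir() {
    dir=$1; rc=0
    if loose "$dir"; then echo "FAIL $dir is group/world-writable"; rc=1; fi
    keys="$dir/authorized_keys"
    if [ ! -f "$keys" ]; then
        echo "FAIL $keys is missing; sshd has no public key to check against"; rc=1
    else
        if loose "$keys"; then echo "FAIL $keys is group/world-writable"; rc=1; fi
        # Count entries: every line that is neither blank nor a comment.
        n=$(grep -cvE '^[[:space:]]*(#|$)' "$keys" || true)
        echo "ok   $keys holds $n key line(s)"
    fi
    # Near-miss file names are silently ignored by sshd, so point them out.
    for f in "$dir"/authorized*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            authorized_keys|authorized_keys2) ;;
            *) echo "WARN ${f##*/} is not a name sshd reads by default"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed directory mirroring the names in the listing above.
demo=$(mktemp -d)
chmod 700 "$demo"
echo 'ssh-dss AAAAconstructedkey xxxx@iMac.local' > "$demo/authorized.keys"
chmod 600 "$demo/authorized.keys"
audit_ssh_dir "$demo" || echo "sshd would find no usable key in this layout"
```

Run `audit_ssh_dir ~/.ssh` on the server as the account you log in to.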

  • Alberto Ravasio Level 5

    If you do on the server in Terminal


    cat ~/.ssh/authorized.keys


    and on the client in Terminal


    cat ~/.ssh/


    are they exactly the same?

  • liv04soccer Level 1

    Yes they are the same.


    I generated keys on my server too when you were helping me out earlier in the post so I don't know if that's conflicting with anything in the .ssh folder.


    Didn't know the keys had to be generated on the client computer.