
SSH/SFTP fails silently on OSX 10.8.2 - ssh-agent issue

2105 Views 25 Replies Latest reply: Mar 10, 2013 8:47 AM by Linc Davis
matfish2
Mar 8, 2013 12:10 PM

I'm trying to log in to a remote machine with SSH or SFTP.

When I try `ssh u-indgo@ssh1.eu1.frbit.com` the CLI just won't respond. I get an empty new line, in which I can type characters, but nothing more.

When I try to connect with `SFTP` using the same credentials (I use `Transmit` as my SFTP client) it just hangs forever and doesn't connect.

No errors. No response.

The problem isn't specific to `frbit.com` and persists with other IPs as well.

Running with the `-vv` flag I got the following output:

    debug1: Reading configuration data /Users/matanya/.ssh/config
    debug1: Reading configuration data /usr/local/Cellar/openssh/6.1p1/etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to ssh1.eu1.frbit.com [46.137.57.195] port 22.
    debug2: fd 3 setting O_NONBLOCK
    debug1: fd 3 clearing O_NONBLOCK
    debug1: Connection established.
    debug1: identity file /Users/matanya/.ssh/id_rsa type 1
    debug1: identity file /Users/matanya/.ssh/id_rsa-cert type -1
    debug1: identity file /Users/matanya/.ssh/id_dsa type 2
    debug1: identity file /Users/matanya/.ssh/id_dsa-cert type -1
    debug1: identity file /Users/matanya/.ssh/id_ecdsa type -1
    debug1: identity file /Users/matanya/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1
    debug1: match: OpenSSH_5.5p1 pat OpenSSH_5*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 140/256
    debug2: bits set: 543/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA 31:4c:71:e0:56:14:04:0d:c7:b2:6c:fc:8a:42:33:2e
    debug1: Host 'ssh1.eu1.frbit.com' is known and matches the RSA host key.
    debug1: Found key in /Users/matanya/.ssh/known_hosts:2
    debug2: bits set: 513/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received

UPDATE: Going through `system.log` I found the following:

    Mar  6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[574]): Exited with code: 1
    Mar  6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds
    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[575]): Exited with code: 1
    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds

What does `Code 1` stand for?

UPDATE: Following @Eir Nym's advice, I found the file that `launchd` has problems with at `System/Library/LaunchAgents/org.openbsd.ssh-agent.plist`:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>org.openbsd.ssh-agent</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/bin/ssh-agent</string>
            <string>-l</string>
        </array>
        <key>ServiceIPC</key>
        <true/>
        <key>Sockets</key>
        <dict>
            <key>Listeners</key>
            <dict>
                <key>SecureSocketWithKey</key>
                <string>SSH_AUTH_SOCK</string>
            </dict>
        </dict>
        <key>EnableTransactions</key>
        <true/>
    </dict>
    </plist>

When I run `/usr/bin/ssh-agent` I get:

    SSH_AUTH_SOCK=/var/folders/pg/1g6_hnwx47bgqv5vcm1lq18h0000gn/T//ssh-01WuaHF32SlV/agent.2145; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=2146; export SSH_AGENT_PID;
    echo Agent pid 2146;

As for the `-l` flag (`<string>-l</string>`) there is no such flag on my version of `ssh-agent`. Outputs:

    ssh-agent: illegal option -- l

SSH version: OpenSSH_5.8p2, OpenSSL 0.9.8r 8 Feb 2011

iMac, OS X Mountain Lion (10.8.2)
  • etresoft Level 7 (23,890 points)

    Your key files are probably corrupted. Move them aside and try again.

  • Linc Davis Level 10 (107,615 points)

    What do you get from this:

    `ls -Oaeln .ssh`

  • BobHarris Level 6 (12,505 points)

    I think Linc has figured out your problem.

    There are a handful of files and directories that must have restrictive permissions or ssh will not allow a connection.

    The ssh man page lists all the files and required permissions.

    Looking at your ls output I see the .ssh directory is too permissive. If that is wrong, even after recreating, then chances are other critical ssh files or directories are wrong. Read the ssh man page, find every file and directory mentioned and make sure their permissions are correct. Make sure to use the ls options Linc gave you.

  • BobHarris Level 6 (12,505 points)

    Also keep in mind that both local AND remote ssh files must have correct permissions to make a secure connection. Check both systems.
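
The permission check described in the two replies above, as an added example that is not part of the original thread. The function names are hypothetical; the rules encoded are ones OpenSSH enforces: private keys must have no group/other access, and `.ssh`, `config` and `authorized_keys` must not be group- or world-writable.

```sh
#!/bin/sh
# Added example: report paths under a .ssh directory that are too permissive.
# Modes are read from `ls -ld`, so it runs with both BSD (OS X) and GNU tools.

# mode_of PATH -> the nine permission characters, e.g. "rwxr-xr-x"
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# check_path PATH KIND -> prints one finding line if PATH is too permissive.
#   private : no group/other access at all (private keys)
#   nowrite : not writable by group/other (.ssh itself, config, authorized_keys)
check_path() {
    m=$(mode_of "$1")
    go=$(printf '%s' "$m" | cut -c4-9)   # group and other bits only
    case "$2" in
        private)
            if [ "$go" != "------" ]; then
                echo "TOO OPEN  $m  $1  (fix: chmod 600)"
            fi ;;
        nowrite)
            case "$go" in
                ?w????|????w?) echo "WRITABLE  $m  $1  (fix: chmod go-w)" ;;
            esac ;;
    esac
}

# audit_ssh_dir DIR -> one finding per line; prints nothing when DIR is clean.
audit_ssh_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "MISSING   $dir"; return 0; fi
    check_path "$dir" nowrite
    for f in "$dir"/config "$dir"/authorized_keys; do
        if [ -e "$f" ]; then check_path "$f" nowrite; fi
    done
    # Private keys: every id_* file except the .pub halves.
    for f in "$dir"/id_*; do
        case "$f" in *.pub) continue ;; esac
        if [ -f "$f" ]; then check_path "$f" private; fi
    done
    return 0
}

# Default target is the current user's directory; pass another path to override.
audit_ssh_dir "${1:-$HOME/.ssh}"
```

Run it on both the local and the remote account; an empty result means none of the checked paths is too open.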

  • Linc Davis Level 10 (107,615 points)

    I'll take your word for it that you've fixed the permissions. Is ssh-agent in fact running?

  • etresoft Level 7 (23,890 points)

    If it works with another user, but not your own, and not with your own user via non-traditional means, then it is probably your shell startup scripts.

    Open a few terminal windows. Move aside your shell startup scripts. Open a new terminal window and try it again. Then find out what from your old startup scripts is causing the problem.

  • etresoft Level 7 (23,890 points)

    Then perhaps you should review what system modifications you have made and undo them. If that fails, reinstall the operating system.

  • Linc Davis Level 10 (107,615 points)

    How do I check if ssh-agent is running?

    Activity Monitor.
