
Location of "sshd_config"

In pursuit of an "SCP" problem, I am trying to locate a file named "sshd_config" on my MacBook Pro running Mavericks. I believe this file relates to the operation of SSH (Secure Shell). Can anyone point me in the right direction (or state definitively that it doesn't exist)?

MacBook Pro with Retina display, OS X Mavericks (10.9)

Posted on Jun 13, 2015 11:15 AM


Jun 15, 2015 3:02 AM in response to BobHarris

Hi Bob,


The answer to your first question is, yes, my Mac username is "michaelfarmer". Secondly, the path for this user on my Mac is "Users/michaelfarmer".

When I tried sending the command "ssh -v -v -v michaelfarmer@<Mac IP Address>" from my Pi, I could connect to the Mac provided I enter my Mac password when requested.

A real "newbie" question; is the output generated by the above command on the Pi created by the Pi or received from the Mac? The reason for asking is that I am trying to understand the process behind the debug output. The following lines are an excerpt from the debug output following the above command:-

.

.

1) debug3: authmethod_lookup publickey

2) debug3: remaining preferred: keyboard-interactive, password

3) debug3: authmethod_is_enabled publickey

4) debug1: Next authentication method: publickey

5) debug1: Offering RSA public key: /home/mick_f/.ssh/id_rsa

6) debug3: send_pubkey_test

7) debug2: we sent a publickey packet, wait for reply

8) debug1: Authentications that can continue: public key, keyboard-interactive

9) debug1: Trying private key: /home/mick_f/.ssh/id_dsa

.

.

I thought that the basic idea underlying Private/Public key authentication was that the Private key resided only on the source machine (in my case the PI) but that the public key was distributed to any machine you wish to communicate with. When establishing communication between the machines, a comparison was made between the two keys to verify that they were a pair and that this comparison process would take place on the source machine (to ensure that the private key remained with that machine.) This would necessarily imply that the public key was sent from the "target" machine (in my case the Mac) to the source to allow such a comparison to take place. If (and it's a big IF!!) my understanding is correct, line (5) above is confusing me as the path shown is appropriate to the PI and the public key file identity on either machine is "id_rsa.pub".


I apologise for the digression into "sshd_config" territory; I am sure you are correct and that my problem is rooted in username issues but I can't at present see exactly what. Surely I don't need to have the same username at both ends?


I look forward to your comments.


Mick F

Jun 15, 2015 6:26 AM in response to mickf

I apologise for the digression into "sshd_config" territory; I am sure you are correct and that my problem is rooted in username issues but I can't at present see exactly what. Surely I don't need to have the same username at both ends?

Not a problem. Unless you were previously playing with sshd_config, then the default settings do work for ssh-keygen based logins (I use it all the time). Besides, if you had previously messed with the sshd_config file, you would already know where it was, so you wouldn't be asking where it was 🙂


Then again, you could consider playing with the "LogLevel DEBUG3" value to get more sshd debugging information into the Mac system.log. You would then disable System Preferences -> Sharing -> Remote Login, then re-enable it to get sshd to see the new /etc/sshd_config values. After you finish debugging you should REMOVE (or comment out) the "LogLevel DEBUG3" (or even better, save a copy of the original sshd_config before making any modifications, so you can put the original back and again disable/enable Remote Login to get sshd to see the changes).


I thought that the basic idea underlying Private/Public key authentication was that the Private key resided only on the source machine (in my case the PI) but that the public key was distributed to any machine you wish to communicate with. When establishing communication between the machines, a comparison was made between the two keys to verify that they were a pair and that this comparison process would take place on the source machine (to ensure that the private key remained with that machine.) This would necessarily imply that the public key was sent from the "target" machine (in my case the Mac) to the source to allow such a comparison to take place. If (and it's a big IF!!) my understanding is correct, line (5) above is confusing me as the path shown is appropriate to the PI and the public key file identity on either machine is "id_rsa.pub".

Yes, you put the .pub file on the remote system into the .ssh/authorized_keys file of the destination account. In your case that would be

/Users/michaelfarmer/.ssh/authorized_keys


I think the sender encrypts its public key using its private key, and the receiver decrypts the message with the public key. I could be wrong about exactly what is encrypted, but the point is that the receiver being able to decrypt something from the sender using the sender's public key that the receiver allowed to be put into .ssh/authorized_keys is how the receiver knows the sender is allowed to use ssh-keygen keys to login.


However, something is strange on your system, as the sshd log file information indicates it is looking in /home/michaelfarmer/.ssh, but that is not the correct place to be looking.

And when I ran an experiment on my own system using a bogus username, I did not get told the directory. I was only told it was an invalid username.

Jun 15 08:57:02 myMacName sshd[1623]: Invalid user fredflintstone from 127.0.0.1

Jun 15 08:57:02 myMacName sshd[1623]: input_userauth_request: invalid user fredflintstone [preauth]

Jun 15 08:57:02 myMacName sshd: unknown [pam][1625]: in od_record_create(): failed: 13

Jun 15 08:57:02 myMacName sshd: unknown [pam][1625]: in od_record_create_cstring(): failed: 13

Jun 15 08:57:02 myMacName sshd[1623]: Postponed keyboard-interactive for invalid user fredflintstone from 127.0.0.1 port 52993 ssh2 [preauth]

It did not try to tell me where the home folder for fredflintstone was. So I do not understand why a connection from your Raspberry Pi would have /home/michaelfarmer in the sshd log messages.


And when I do not have a correct .pub key in .ssh/authorized_keys, I still DO NOT get the error messages you were showing in your other thread. So I'm wondering if there is something in the keys generated on the Raspberry Pi, or something in the connection messages from the ssh client on the Raspberry Pi that is telling the Mac where it should be looking.


If you have another system that you can ssh from into your Mac, see if the ssh-keygen information behaves the same or differently. I've done all my experiments just logging into myself (Panera Bread Cafe does not offer me other systems I'm willing to use as test systems, especially with ssh-keygen keys 🙂).
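
The publickey exchange behind debug lines 4 to 8, modelled in outline as an added example that is not part of the thread: the client offers its public key, the server checks it against the requested account's authorized_keys, and the client then signs session-bound data that the server verifies with that public key. The function names, the PEM encoding and the Ed25519 key type are assumptions made for the illustration; real SSH exchanges binary packets as defined in RFC 4252.

```javascript
// Added illustration: a simplified model of SSH "publickey" user authentication
// (RFC 4252, section 7). Names and values are constructed; real SSH uses binary packets.
const nodeCrypto = require('crypto');

// Bytes covered by the signature: session identifier, remote account name, offered key.
function signedData(sessionId, user, pubPem) {
  return Buffer.concat([sessionId, Buffer.from(`${user}\n${pubPem}`)]);
}

// Client (the Pi in the thread). The private key stays inside this closure.
function makeClient(remoteUser) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pubPem = publicKey.export({ type: 'spki', format: 'pem' });
  return {
    pubPem,
    // Step 1: offer only the public half (the "Offering ... public key" debug line).
    offer: () => ({ user: remoteUser, pubPem }),
    // Step 3: prove possession by signing data tied to this session.
    sign: (sessionId) =>
      nodeCrypto.sign(null, signedData(sessionId, remoteUser, pubPem), privateKey),
  };
}

// Server (the Mac). authorizedKeys stands in for each account's ~/.ssh/authorized_keys.
function makeServer(authorizedKeys) {
  const listed = (user, pubPem) => (authorizedKeys[user] || []).includes(pubPem);
  return {
    // Step 2: is the offered key listed for the requested account?
    acceptsKey: ({ user, pubPem }) => listed(user, pubPem),
    // Step 4: verify the signature with the public key; no private key is needed here.
    verify: (sessionId, { user, pubPem }, signature) =>
      listed(user, pubPem) &&
      nodeCrypto.verify(null, signedData(sessionId, user, pubPem),
        nodeCrypto.createPublicKey(pubPem), signature),
  };
}

// Run the four steps and report the outcome.
function login(client, server, sessionId) {
  const offer = client.offer();
  if (!server.acceptsKey(offer)) return 'key not accepted, try next method';
  const ok = server.verify(sessionId, offer, client.sign(sessionId));
  return ok ? 'authenticated' : 'signature rejected';
}
```

The account name in the request is the remote one, so the client's local username plays no part; a key that is not listed for that account is turned away at step 2, and a signature captured in one session fails verification in another because the session identifier is part of the signed data.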
