User profile for user: QuietMacFan
QuietMacFan Author
User level: Level 1
130 points

ssh keeps asking for password

When I got my iMac it ran El Capitan. ssh worked between it and a lan client (an old linux box) (that's after ssh was set up to not require a password via it's standard typical setup as follows:


http://inside.mines.edu/fs_home/gmurray/HowTo/sshNotes.html


<snip

Checking the password-less connection: Now the command

<snip


When I updated ssh last 3 times: started asking for passwords ONLY ON THE iMac, and even when the iMac was contacting itself! To fix this i restored El Capitan ssh binaries (only, nothing else) and it worked again. However I'm getting tired of rebooting 2x and fixing every auto-update.


I've not found anything in documentation to suggest the configuration files have changed or process to setup (see above) have changed which would result in the problem of "never stops asking for passwords AFTER being set up".


I've asked the same question in past but no-one could answer. Hopefully apple will fix this or someone will know what i'm talking about and what the real problem is, at some point.


(p.s. I like rsh better - it's a simpler (shell for rcmd, which ssh uses) - but it was removed by the ssh team from Apple's Sierra updates - i guess it needs compiling but also special plist files to ever work again; which i'm hoping to avoid as my todo list is already past end of life by quite a bit - and most of it isn't in my hoped for bucket list 🙂)

iMac with Retina 5K display, macOS Sierra (10.12)

Posted on Jan 28, 2017 11:50 AM

Reply
3 replies
User profile for user: QuietMacFan
QuietMacFan Author
User level: Level 1
130 points

Oct 12, 2017 7:15 PM in response to QuietMacFan

I finally ran into the SOLUTION by accident (got a mac mini and was redo-ing ssh).


# enable remote login in Settings

$ ssh-keyget # ok

$ ssh-keygen -t dsa # BROKEN

# copy keys around to ~/.ssh/authorized_keys, maybe change perms on them a bit stiffer, done


The latter (-t dsa) does NOT work (note default is -t rsa) in Sierra (still keeps asking for password) but works between linux boxes. -t dsa allows much faster logins by using cheaper encryption. This broken thing "ok" as long as one is warned -t dsa is disabled. (problem: you wont find the warning in configs or in man page, and no one seems to know these kinds of things)

Reply
User profile for user: sterling r
sterling r
User level: Community Specialist

Jan 29, 2017 9:30 AM in response to QuietMacFan

Hi there, QuietMacFan.
It appears that you're being asked for a password when trying to connect to your iMac on macOS Sierra 10.12 from a different computer. I'll be glad to help with this.​
macOS Sierra: Allow a remote computer to access your Mac -- Use this article to make sure you have set it up correctly.
Try safe mode if your Mac doesn‘t finish starting up -- Test how it responds in safe mode. If there are no issues, reboot normally and test again in your own user account.

You can use safe mode to help resolve issues that might keep your Mac from completely starting up.

​How to test an issue in another user account on your Mac -- If the issue is also happening in safe mode, use this article to test another user account. This will demonstrate if the issue is isolated to your account, or if it's system wide. You'll need to set this up in the new user account to test.


Let me know how that goes and thanks for using Apple Support Communities!

Reply
User profile for user: QuietMacFan
QuietMacFan Author
User level: Level 1
130 points

Jan 29, 2017 9:47 AM in response to sterling r

No, none of that did anything or wasn't related to the Question at all.


> try to enable remote access


Why is because if you read - i already had / have remote access working, and ssh working before and after upgrade (after fixing it each time). only ssh has the problem, and the old ssh bins work in the new Sierra update (minus the run-around of using backups to get them). the problem is the new ssh bins OR lack of documentation explaining what changes must be made. i'm unsure how i could be more clear.


> try another user account


No. I did that plus i tried re-creating from scratch ~/.ssh files too. I tried permutations and combinations of settings in the /etc/ssh/ssh[d].conf'igs. Nothing worked for the new bins: always password asked and only by the iMac node.


(the only thing i didn't try is compiling ssh myself using xcode to make binary that works (ie, by finding offending line of code or by merely having a non-damaged binary; compiled fresh) - HOWEVER binary would continually get clobbered every auto-update and require sip action each apple MacOS update. when is OS/X returning? X is not working in El Capitan either. i did compile one of the 3 ssh used between the ring of some few remote computers. i had no problems doing so and it works "over there". just not "here". it's not the new launchd or plist: those work fine - as i said only /usr/[s]bin/ssh* were replaced, per say)


> Try safe mode if your Mac doesn‘t finish starting up


That seems like blind advice - i didn't mention anything about startup or shutdown difficulties, and infact have never seen them on my iMac even once. I'm guessing that's probably because I ONLY install app store apps.


thanks for replying

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

ssh keeps asking for password

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up