Mac Os X Asking For Password Ssh Key File Permissions
I have setup public/private keys on Linux to let me ssh without a password. Works fine from Linux to Linux.
However, when I try to do the same between my Linux box and OS X it's no go. I have made keys with ssh-keygen -d. I put the public key it generates on my OS X box in ~/.ssh/authorized_keys2. I made sure not to enter a password when generating it.
Are there some options I need to tweak in sshd_config or something? This has just worked w/ Linux. My ssh -v output is below. Thanks for any advice.
ssh -v Rick
OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to Rick [192.168.1.100] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/rob/.ssh/identity type 0
debug1: identity file /home/rob/.ssh/id_rsa type 1
debug1: identity file /home/rob/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1580/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rick' is known and matches the RSA host key.
debug1: Found key in /home/rob/.ssh/known_hosts:2
debug1: bits set: 1524/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /home/rob/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try pubkey: /home/rob/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
rob@rick's password:
However, when I try to do the same between my Linux box and OS X it's no go. I have made keys with ssh-keygen -d. I put the public key it generates on my OS X box in ~/.ssh/authorized_keys2. I made sure not to enter a password when generating it.
Are there some options I need to tweak in sshd_config or something? This has just worked w/ Linux. My ssh -v output is below. Thanks for any advice.
ssh -v Rick
OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to Rick [192.168.1.100] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/rob/.ssh/identity type 0
debug1: identity file /home/rob/.ssh/id_rsa type 1
debug1: identity file /home/rob/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1580/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rick' is known and matches the RSA host key.
debug1: Found key in /home/rob/.ssh/known_hosts:2
debug1: bits set: 1524/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /home/rob/.ssh/id_rsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: try pubkey: /home/rob/.ssh/id_dsa
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
rob@rick's password:
Mac Os X Asking For Password Ssh Key File Extension
Jan 17, 2017 Method #1: Fix when macOS keeps asking ssh passphrase after updated to Sierra or after reboots. You need to use the UseKeychain option in your /.ssh/config file. From the sshconfig man page: On macOS, specifies whether the system should search for passphrases in the user’s keychain when attempting to use a particular key. Sep 28, 2018 Smart card authentication provides strong two-factor authentication in macOS Sierra and later. MacOS High Sierra 10.13.2 and later support smart card-only authentication for the mandatory use of a smart card, which disables all password-based authentication.