Re: [Fink-users] OpenSSH question

[Alexander H. <ale...@gm...>]

Paul Fons wrote:
> A few weeks or so ago, I remember installing openssh via fink on my  
> macbook pro (15 Al unibody).  Using ssh to connect to other machines  
> worked fine, however, I found that I could not ssh in to my machine  
> anymore.  After scratching my head for a while, I gave up and removed  
> the openssh package via the fink remove command and find that I still  
> cannot log in to my laptop machine even using localhost.  
Did you kill off any running sshd processes and/or reboot afterwards, to
make sure that you're not still using fink's sshd?
> What is odd  
> about this is that I am unable to login via ssh to localhost even when  
> I copy the .ssh directory from my desktop which works fine  
> (permissions are fine as well).  The file /etc/sshd_config is also the  
> default file.  There are no errors showing up in /var/secure.log.  The  
> console just shows that ssh tries to check a public key and apparently  
> gets now answer.  Might anyone have clue as to what is going on?  I am  
> fine to use the fink openssh as well, but I thought it would be best  
> to get things working first.
>
>
> It seems that we send a pubkey and wait for reply, but it never comes.
>
> ssh -vvv paulfons@localhost
>
> bunch of text
>
>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /Users/paulfons/.ssh/id_dsa (0x107f50)
> debug2: key: /Users/paulfons/.ssh/identity (0x0)
> debug2: key: /Users/paulfons/.ssh/id_rsa (0x0)
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /Users/paulfons/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey
>
> Here it fails as I only have a single dsa key in the folder.  The  
> access for .ssh is set for 700 and for authorized_keys to 600 whilst  
> the rest are set to 700.  I am
>
> ~/.ssh $ls -lte
> total 40
> -rw-------  1 paulfons  staff   745 Mar 30 22:12 config
> -rw-------  1 paulfons  staff  1131 Mar 30 21:13 authorized_keys
> -rw-------  1 paulfons  staff  1131 Mar 30 21:13 id_dsa.pub
> -rw-------  1 paulfons  staff  1264 Mar 30 21:13 id_dsa
> -rw-------  1 paulfons  staff  2160 Mar 30 08:57 known_hosts
>
> The /etc/sshd_config file is pretty much standard with just a few  
> changes (e.g. turn off passwords and disable root login).
>
>   
> #LoginGraceTime 2m
> PermitRootLogin no
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile	.ssh/authorized_keys
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication no
> #PermitEmptyPasswords no
>
>
>   
I've had problems in the past with sshd using the default configuration
of fink's openssh package.  However, that was a long enough time ago
that I'll have to hunt around to see exactly what I wound up doing (I
settled for using the system-provided version on Leopard, which has been
fine for my use).

A new openssh was released to current/unstable last week, but I'm not
sure whether that solves the problem at hand or not.