Ssh – How to properly configure OS X Server 10.7.4 for SSH (password)

mac-osx-serverpasswordssh

Is there a setting somewhere that overrides the user password for SSH? Whenever I try to login via password to my os x server I get an error message in secure.log ->

Failed password for < user > from < ip > port < port > ssh2

The password is correct, I can use it locally on the server. What is going on here? Logging in via public key works fine. If I enabled PAM, I just get a different version of the same message:

error: PAM: permission denied for < user > from < client IP > via < server IP >

I am a dunce when it comes to server related things. Could someone tell me what I should be looking for? Nothing strange is output from running ssh -vvv

Best Answer

In /etc/ssh/sshd_config, PasswordAuthentication should be set to yes.

You will need to restart ssh after making this change.

It should be mentioned that the reason it's difficult to search for instructions on how to do this is that all the tutorials out there are for how to disable password authentication. There's a reason people prefer it disabled. It requires a little more initial setup but it is a more secure configuration.

Related Solutions

Linux – How to Display SSH Banner at Login for Password Authentication Only

Yes, you can use the pam_echo plugin:

auth required pam_unix.so
auth optional pam_echo.so file=/etc/ssh/password_banner.txt

This should produce the pam_echo output after password login.

See http://www.linux-pam.org/Linux-PAM-html/sag-pam_echo.html for docs.

Edit: You'll also need to make sure you have UsePAM yes in your sshd_config. Replaced password with auth.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Linux – How to Display SSH Banner at Login for Password Authentication Only

Ssh – How to automate SSH login with password

Related Topic