1

Sorry if this sounds like a repeat, but I'm fairly sure it's specifically Mac OS X 10.9 related, it works fine for me on my 10.8 machine. I've done everything identically, as usual:

$:~ ssh-keygen -t rsa -P "" $:~ cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys

But yet it always demands a password now on 10.9. Apparently, it's not accepting the public key:

% ssh -v localhost OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 ... debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/edwardbrowne/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive

Note that when it's working on 10.8, the line after "Offering RSA public key:" is like so:

debug1: Server accepts key: pkalg ssh-rsa blen 279

But in 10.9 it doesn't accept it, it just moves on to the next authentication method. In both cases, the "id_rsa" file seems identical:

% ls -l id_rsa -rw------- 1 edwardb staff 1679 Mar 30 10:16 id_rsa %

So why does the server accept the offer of the public key in one case, but not in the other?

Thanks, and cheers - Ed

Improve this question
1
  • Sorry, I should have said that both /etc/ssh_config and /etc/sshd_config are the same (on the 10.9 machine and the 10.8 machine.) I copied them over, and restarted sshd, but no change.
    – EdB
    Commented Apr 7, 2014 at 0:32

5 Answers 5

Reset to default
1

If you get any error remove (or change to something else) ~/.ssh/known_hosts and retry connecting to localhost.

Improve this answer
1
  • No, that doesn't have any effect (I can't see why it would.)
    – EdB
    Commented Apr 9, 2014 at 21:27
1

I had the exact same problem, and it turned out that I had too many readwrite permissions in my .ssh directory. I ran chmod 700 ~/.ssh, to ensure that the .ssh directory permissions looked like this:

drwx------ 15 username staff 510 Jun 2 01:08 .ssh

And then it worked like a charm.

Improve this answer
0

I resolved it by using a dsa key instead. I already had one so I just added it to authorized_keys

$cat id_dsa.pub >> authorized_keys

If you don't have a dsa key, you could try creating one to see if it works:

$ssh-keygen -t dsa -P ""
Improve this answer
1
  • Thanks, but it doesn't accept id_dsa from 10.9 either. See: ...debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/edward/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: Offering DSA public key: /Users/edward/.ssh/id_dsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic debug1: No more authentication methods to try. Permission denied (publickey,gssapi-keyex,gssapi-with-mic). %
    – EdB
    Commented Oct 13, 2014 at 17:03
0

I had similar problem (also for use by hadoop) on 0SX 10.11. I saw that in the /var/log/system.log I had:

sshd[22163]: Authentication refused: bad ownership or modes for directory

I did:

chmod g-w $HOME
chmod o-w $HOME

And ssh localhost started working without a password.

Improve this answer
-1

Have you tried...

ssh-add $HOME/.ssh/id_rsa

I had a similar issue with OS X 10.10 and that fixed it for me.

Improve this answer
2
  • You should explain what this does and how it answers the question.
    – David Richerby
    Commented Jan 15, 2015 at 23:51
  • Hmmm, thanks, but that doesn't change anything (I'm with @david-richerby, too, I'd like to know what this might do to fix the problem.)
    – EdB
    Commented Jan 19, 2015 at 18:09

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .