2

I have enabled remote login on my OS X mavericks macbook pro. After I ssh user@ip I am prompted for the remote user password. When I enter the remote user's password it's rejected. I am confident the password is correct because I've logged into the computer by hand with the password.

I've made sure the user I am trying to ssh into the computer as is included in the ssh-able set of user accounts and that Passwordauthentication yes is in /private/etc/sshd_config.

What am I missing?

Improve this question
2
  • Try to do ssh -vvv user@ip and post what it answers you. Try to login again from the console (not remotely) on that computer. Then try to use ssh from there to there: ssh localhost and see if from there you can so you have a proof. (Eventually again ssh -vvv localhost).
    – Hastur
    Commented Sep 13, 2014 at 10:58
  • 1
    @Hastur debug2: we sent a password packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive Permission denied, please try again.
    – Michael
    Commented Aug 1, 2017 at 22:13

3 Answers 3

Reset to default
2

After updating to Catalina, I had a similar problem. The reason was in the strict rules of the sshd set by default.

To solve it, in the config file /private/etc/ssh/sshd_config

Add the following strings:

PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes

Then do not forget to reload the sshd server:

sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

UsePAM. Enables the Pluggable Authentication Module interface. If set to “yes” this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication. That is a powerful framework for managing the authentication of users. Using PAM you can enforce rules during the authentication (i.e. limiting access based on login count).

Improve this answer
1

Have you tried logging in with an administrator account?

Have you tried enabling the root user? Steps to enable root user:

  1. Open Users & Groups preferences, click Login Options, then click the lock icon to unlock it. If necessary, type your password, then click Unlock.
  2. In the Network Account Server section, click Join or Edit.
  3. Click Open Directory Utility.
  4. Click the lock icon to unlock it, then enter your administrator name and password.
  5. Do one of the following:
    • Choose Edit > Enable Root User, then enter a root user password in the Password and Verify fields.
    • Choose Edit > Disable Root User.
    • Choose Edit > Change Root Password, then enter a new root user password.
Improve this answer
3
  • Why do you suggest to enable the root account just to enable the connection via SSH? In many Linux distributions the remote root access (via SSH) is disabled by default (because risky, you can always connect as normal user and do su - after the login).
    – Hastur
    Commented Sep 13, 2014 at 11:05
  • @Hastur Yes you're right but it would help to know if there is a problem connecting or a problem with the user connecting.
    – TimD
    Commented Sep 14, 2014 at 2:42
  • Right point. In that case, since is needed to have root access, it's better to create a new (fresh, ordirary) account on the server just for this purpose, and delete it after. BTW the ssh program itself can help if invoked with -v tags, -vv -vvv without root privileges and without holes to fix in the security. It can happens that when you are so happy because you fix your problem, it becomes heavy(boring) to fix all the modification you have done before...
    – Hastur
    Commented Sep 14, 2014 at 7:32
0

Logging in as root is not a good solution for several reasons.
I had this problem, too, when trying to ssh from a Debian 10 box to a mac. As a workaround, I added a key to .ssh/authorized_keys on my mac manually (i.e. not using ssh, chicken and egg problem).

Then it worked.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .