24922 Views 7 Replies
      Latest reply on May 17, 2017 7:54 AM by serger1162
      agl Level 1 Level 1 (0 points)
      agl Jun 14, 2016 12:04 PM

        ~I haven't been able to ssh to my MacAir without using a password (with a dsa key) after installing the Sierra developer beta. Sure enough (like after other major system updates) my /etc/sshd_config file was moved to /etc/sshd_config~orig, so (as I did other times) I edited /etc/sshd_config and changed

         

        #AuthorizedKeysFile .ssh/authorized_keys

         

        into

         

        AuthorizedKeysFile .ssh/authorized_keys2

         

        This did the trick after updating to El Capitan, Yosemite, etc., but this time I keep getting a password prompt after ssh'ing into my Air. Does anybody know what else should be changed in /etc/sshd_config to allow passwordless login?

         

        Thanks,

         

        Artemio

        • Tags:
        • Re: Unable to ssh without password after installing Sierra
          howyagoin Level 1 Level 1 (0 points)
          howyagoin Jun 14, 2016 3:32 PM (in response to agl)

          One thing to keep in mind is that the Keychain, at least for me, is not currently happy with SSH keys being stored in them with /usr/bin/ssh-add -K.  Whilst I issue the command, they never land in the Keychain, and as such, all authentication is password based until I re-add the keys to the running ssh agent.

           

          I'm using MacPorts and the OpenSSH that comes with that for my sshd to access my Sierra running Mac, so, slightly different setup than yours.

            • Re: Unable to ssh without password after installing Sierra
              agl Level 1 Level 1 (0 points)
              agl Jun 15, 2016 2:05 AM (in response to howyagoin)

              Interesting. However, what I was talking about was ssh'ing to a Sierra machine using a public key without being asked for a password. I used to do that with all the previous systems by creating a DSA key in the local machine and copying the public key into the remote ~/.ssh/authorized_keys2 file (standard way). The only modification the sshd_config file (in the remote machine, running Sierra now) provided by Apple needs for this to work is to add "AuthorizedKeysFile .ssh/authorized_keys2" to it, so that the authorized_keys2 file is read. This used to work flawlessly with previous systems, but for some misterious reason it doesn't now. Do you have any idea what else in the config file should be changed?

            • Re: Unable to ssh without password after installing Sierra
              agl Level 1 Level 1 (0 points)
              agl Jun 15, 2016 6:12 AM (in response to agl)

              The problem is that DSA keys are obsolete after OpenSSH 7.0, which the new system seems to use. I generated a new RSA key and things worked again. Also, in the process I found out that the authorized_keys2 file has been actually deprecated for a long time! So I advice everybody to use authorized_keys instead, which works both with protocols 1 and 2. That way Apple's original sshd_config will work as is.

              • Re: Unable to ssh without password after installing Sierra
                icanhasjonas Level 1 Level 1 (0 points)
                icanhasjonas Aug 14, 2016 11:12 AM (in response to agl)

                Add the following to your .ssh/config file to re-enable support for your DSA keys

                PubkeyAcceptedKeyTypes=+ssh-dss
                • Re: Unable to ssh without password after installing Sierra
                  PraveenKumar Level 1 Level 1 (0 points)
                  PraveenKumar Nov 6, 2016 3:13 AM (in response to agl)

                  Hi Everyone,

                   

                  Recently i have faced the same issue once i upgraded to MAC OS Sierra all my ssh key was not working for Cisco ASA/Firewall's but was working for switches and routers and the error which i was getting as below:

                   

                  "Unable to negotiate with <IP ADDRESS> port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"

                   

                  What i did to resolve this was execute the command

                  Step 1 : "sudo nano /etc/ssh/ssh_config"

                  Step 2 : " enter you MAC password"

                  Step 3 : Go at the last line and add "KexAlgorithms +diffie-hellman-group1-sha1"

                  Step 4 : Press ctrl+Y and Press enter. Press ctrl+X