-
Re: Unable to ssh without password after installing Sierra
howyagoin Jun 14, 2016 3:32 PM (in response to agl)One thing to keep in mind is that the Keychain, at least for me, is not currently happy with SSH keys being stored in them with /usr/bin/ssh-add -K. Whilst I issue the command, they never land in the Keychain, and as such, all authentication is password based until I re-add the keys to the running ssh agent.
I'm using MacPorts and the OpenSSH that comes with that for my sshd to access my Sierra running Mac, so, slightly different setup than yours.
-
Re: Unable to ssh without password after installing Sierra
agl Jun 15, 2016 2:05 AM (in response to howyagoin)Interesting. However, what I was talking about was ssh'ing to a Sierra machine using a public key without being asked for a password. I used to do that with all the previous systems by creating a DSA key in the local machine and copying the public key into the remote ~/.ssh/authorized_keys2 file (standard way). The only modification the sshd_config file (in the remote machine, running Sierra now) provided by Apple needs for this to work is to add "AuthorizedKeysFile .ssh/authorized_keys2" to it, so that the authorized_keys2 file is read. This used to work flawlessly with previous systems, but for some misterious reason it doesn't now. Do you have any idea what else in the config file should be changed?
-
-
Re: Unable to ssh without password after installing Sierra
agl Jun 15, 2016 6:12 AM (in response to agl)The problem is that DSA keys are obsolete after OpenSSH 7.0, which the new system seems to use. I generated a new RSA key and things worked again. Also, in the process I found out that the authorized_keys2 file has been actually deprecated for a long time! So I advice everybody to use authorized_keys instead, which works both with protocols 1 and 2. That way Apple's original sshd_config will work as is.
-
Re: Unable to ssh without password after installing Sierra
icanhasjonas Aug 14, 2016 11:12 AM (in response to agl)Add the following to your .ssh/config file to re-enable support for your DSA keys
PubkeyAcceptedKeyTypes=+ssh-dss
-
Re: Unable to ssh without password after installing Sierra
travellingkiwi Sep 22, 2016 1:56 PM (in response to icanhasjonas)If you're going to add dsa keys back in, then you could just use telnet...
-
-
Re: Unable to ssh without password after installing Sierra
PraveenKumar Nov 6, 2016 3:13 AM (in response to agl)Hi Everyone,
Recently i have faced the same issue once i upgraded to MAC OS Sierra all my ssh key was not working for Cisco ASA/Firewall's but was working for switches and routers and the error which i was getting as below:
"Unable to negotiate with <IP ADDRESS> port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"
What i did to resolve this was execute the command
Step 1 : "sudo nano /etc/ssh/ssh_config"
Step 2 : " enter you MAC password"
Step 3 : Go at the last line and add "KexAlgorithms +diffie-hellman-group1-sha1"
Step 4 : Press ctrl+Y and Press enter. Press ctrl+X
-
Re: Unable to ssh without password after installing Sierra
serger1162 May 17, 2017 7:54 AM (in response to PraveenKumar)Thanks for this. Perfect.
-