0

After upgrading to Mac OS X Sierra, I am no longer able to ssh with a password, I get the error:

Permission denied, please try again.

On the one machine I have ssh keys set up for, it just automatically logs in with no password.

I have tried looking for "PasswordAuthentication" in /etc/sshd_config. It is commented out, which I have read is the default for "yes", but I have also tried setting it explicitly to "yes" and restarting the sshd daemon, with no luck.

I have tried enabling access to specific users via the command line but it still doesn't work. I do not presently have local access to the device so I can't use System Preferences to attempt this.

I have tried running the server manually with debugging output:

 sudo /usr/sbin/sshd -p 22 -d -d -d

I get the following output:

debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user michael service ssh-connection method password [preauth]
debug1: attempt 3 failures 2 [preauth]
debug2: input_userauth_request: try method password [preauth]
debug3: mm_auth_password entering [preauth]
debug3: mm_request_send entering: type 12 [preauth]
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
debug3: mm_request_receive_expect entering: type 13 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 12
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 13
Failed password for michael from xxx.xxx.xxx.xxx port yyyyy ssh2
debug3: BSM audit: typ 4 rc -1 "invalid password for user michael"
debug3: BSM audit: writing audit new record
debug3: mm_auth_password: user not authenticated [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]

Which seems to suggest I am entering the wrong password, but I have triple checked and am entering the right password for the right user.

Update: Got physical access to the machine, under System Preferences it lists my account as one having ssh access.

Michael
  • 2,614
  • 6
  • 31
  • 51
  • it may be more restrictive on permissions. chmod 700 .ssh; chmod 644 .ssh/authorized_keys – strobelight Aug 29 '17 at 04:25
  • @strobelight current permissions match what you have specified – Michael Aug 29 '17 at 04:37
  • hmm, remote login still enabled? firewall blocking port 22? – strobelight Aug 29 '17 at 04:48
  • and, I don't see log entries using keys – strobelight Aug 29 '17 at 04:56
  • one more permission check, the user home directory may need to be 700. – strobelight Aug 29 '17 at 04:58
  • @strobelight home dir was 755, 700 made no difference. port 22 is blocked/filtered by ISP, so externally a different port is used and the router is re-directing it to the correct port internally. everything works with password-less login. not sure what you mean about log entries using keys. – Michael Aug 29 '17 at 17:40
  • well, ok, to me the whole advantage of ssh is to enter my passphrase for my private key once and ssh around without entering password/passphrases ever again. So, if you insist on entering passwords all the time, I would first confirm correct password. Since you have access to the machine, hopefully root or sudo too, create a user, become that user, then "su - michael", enter password. If incorrect, that's the issue. – strobelight Aug 29 '17 at 18:38
  • now that I'm on my mac, I have remote login as well as screen sharing enabled in the firewall. I also have "automatically allow ..." boxes checked. – strobelight Aug 29 '17 at 18:47
  • @strobelight the advantage of being able to log in with a password is not needing to generate and install keys from any arbitrary machine I'm trying to connect from, especially one-offs. – Michael Aug 30 '17 at 00:29
  • I rarely ssh into my MAC from anywhere else, but was able to using my password. I'm on Sierra 10.12.4. I only have 4 non-default sshd_config entries: `AuthorizedKeysFile .ssh/authorized_keys` `UsePAM yes` `AcceptEnv LANG LC_*` `Subsystem sftp /usr/libexec/sftp-server` – strobelight Sep 01 '17 at 20:12
  • on my Mac, it's in /etc/ssh/ – strobelight Oct 01 '17 at 22:22
  • @strobelight Thanks for your help. When I commented out the `UsePAM yes` line in /etc/ssh/sshd_config and restarted it worked. I had previously been editing /etc/sshd_config. – Michael Oct 01 '17 at 22:25

0 Answers0