Archive for May 25th, 2015

Public Key authentication using ssh

 

Something thats been puzzling me for a little while was preventing password authenticated logins to the OS X Server with via ssh. Setting this up on a Linux box is a sinch but for some reason I couldn’t get this done on OS X.

Finally this has been solved.

cd in to your local .ssh directory. If you don’t have one then run the line below and it will take care of that.

[code language=”plain”]mkdir ~/.ssh; cd ~/.ssh
[/code]

The next step it to generate you public and private keys

[code language=”plain”]ssh-keygen -t dsa
[/code]

Follow the prompts and enter you chosen password. Choose wisely and remember it. The next step is to copy the public key over to the remote machine and create the appropreate key file.

[code language=”plain”]cat ~/.ssh/id_rsa.pub | ssh user@remote.server.com ‘cat >> ~/.ssh/authorized_keys’
[/code]

Now we have the basics in place try to ssh in to your remote server ssh user@remote.server.com and you should now be asked for you public key password. Yes the one you used to create the public and private keys. This you can save in your keychain should you wish. Now with the password entered you should be able to straight in to the remote server.

Now that we have access to the server my advice would be to open another terminal window and log in to the server for a second time. This is a safe guard and a way to correct any errors or typo’s you may have during the next steps.

Now open the /etc/sshd_config file, I use vim but nano is equally as good. As always create a cpy of the orginal file before we edit it.

[code language=”plain”] sudo cp /etc/sshd_config /etc/sshd_config.old; sudo vim /etc/sshd_config
[/code]

I created a sectoin within the file so I can locate my edits and entered or un-commented.

[code language=”plain”]# Authentication:

LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 4

RSAAuthentication yes
PubkeyAuthentication yes

# My Additions…
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
[/code]

The above are the edits I have made to my sshd_config file. Copy the missing lines and edit the exsisting to match the above.

Now log out of one of your current ssh sessions and the log back in. You shhould all being good log in with public key authentication, no password prompt. Now log out and try to log back in with a user who has remote login permission. You should be denied access.

All is working as it should.

May 25, 2015 | By | Reply More