10

When I try to ssh into localhost, it accepts the public key and immediately closes the connection. I've been going through pages of Google results for hours now with no progress. Here's what I get after `ssh -v user@localhost`:

```
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/id_rsa type -1
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type 2
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 67:2f:0b:c8:40:e8:87:0f:57:ee:c7:68:ae:8a:5a:02
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/user/.ssh/id_rsa
debug1: Offering DSA public key: /Users/user/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
Connection closed by ::1
```

I'm running OSX 10.8, using ssh through Terminal.

HypnoticSheep

3 Answers

26

Okay, so what finally worked was explicitly allowing connections from user. Setting System Prefs > Sharing > Remote Login > Allow access for: to All Users doesn't work; instead I had to check Only these users: and manually add all users. Hope this helps anyone else having the same problem.

HypnoticSheep
  • That doesn't sound like an ssh setting. Perhaps you should tag this question [tag:mac-os-x-server]? – ghoti Aug 20 '12 at 23:59
  • 1
    It's not an ssh setting, but it does have to do directly with ssh. Good idea on adding the osx server tag though, I'll do that now. – HypnoticSheep Aug 21 '12 at 17:17
  • +1 Excellent, not documented, and not possible to work out from sshd logs. Seriously quirky of MacOS. Thank you Mr Sheep. – smci Mar 16 '13 at 23:35
  • Thanks for sharing! I was looking at git and ssh config for hours until I stumbled upon your answer. – Hanxue Oct 21 '13 at 03:50
  • 2
    For me, 'All these users' was enabled, but no user was added. When I added user to 'All these users' it worked. Interestingly it worked when I selected 'All Users' too – Arun Joy Thekkiniyath Nov 02 '15 at 08:56
  • @ArunJoyThekkiniyath, same case, I selected All Users, it worked for me, thanks – Bravo Mar 16 '19 at 18:24
3

A long time ago I had the same problem with Telnet, and if I remember it well, the problem was with the user having no home directory in /etc/passwd. I am assuming that you are trying to create a password-less connection, am I right? When you google it, there is a good explanation of it here: http://diuf.unifr.ch/main/tech/node/57 Also, here is an explanation of how to quickly make the password-less connection: http://greg-n-blog.blogspot.com/search/label/scp

Grzegorz
  • How would I go about setting a home directory/checking if one exists? For the links, the first one didn't help and the second one just errors out, saying: `Connection closed by 127.0.0.1 Connection closed by 127.0.0.1 hostname=` – HypnoticSheep Aug 20 '12 at 21:20
  • Also, the password-less connection already works, like I said above the public key is accepted before the connection is closed. – HypnoticSheep Aug 20 '12 at 21:27
  • 1
    Yes, you are right. The eyes of the sheep hypnotized me ;) Sorry about the too-quick answer. I can only give you some ideas, which you may find not so smart, but who knows. Can you `grep MaxStartups /etc/ssh/sshd_config`? If it shows 1 then that might be the problem, because you actually open two connections at the same time. Of course, if you do the change you need to restart sshd. – Grzegorz Aug 20 '12 at 21:39
  • 1
    I have run a test on my machine and it differs a little bit when publickey is tried: ... :((( I don't know how to paste it so it breaks lines, and you can see the output... debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Offering public key: /root/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. – Grzegorz Aug 20 '12 at 21:53
  • Checked `/etc/sshd_config` and `MaxStartups` was commented out. Not sure what the default is, but I uncommented it and set it to 10. Restarted sshd (toggled Remote Login in System Prefs), but no change in the output. Also, based on your debug output, maybe my key isn't being accepted after all; mine stops just before `"Authentication succeeded"`, so maybe it's a problem with my key after all. – HypnoticSheep Aug 20 '12 at 22:55
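
An added example, not part of the original posts: a small Python script that reports the furthest stage reached in `ssh -v` output, run here on excerpts of the question's log and of the log in Grzegorz's comment. The stage names and hint texts are this example's own labels, not OpenSSH terms.

```python
import re
import sys

# Milestones in `ssh -v` client output, in the order a login passes them.
STAGES = [
    ("tcp_connected", r"debug1: Connection established"),
    ("kex_complete", r"debug1: SSH2_MSG_NEWKEYS received"),
    ("key_offered", r"debug1: Offering .*public key"),
    ("key_acceptable", r"debug1: Server accepts key"),
    ("auth_succeeded", r"debug1: Authentication succeeded"),
    ("session_open", r"debug1: Entering interactive session"),
]
HINTS = {
    None: "never connected: is sshd running and reachable?",
    "tcp_connected": "dropped before key exchange finished: check sshd logs and MaxStartups",
    "kex_complete": "no key was offered: check the client's identity files",
    "key_offered": "offered key not accepted: check authorized_keys on the server",
    "key_acceptable": "key recognised but login not completed: check server-side "
                      "account and access rules (on OS X, the Remote Login access list)",
    "auth_succeeded": "authenticated: any later failure is in session setup",
    "session_open": "authenticated: any later failure is in session setup",
}
# Excerpts of the two logs quoted on this page.
QUESTION_LOG = """\
debug1: Connection established.
debug1: SSH2_MSG_NEWKEYS received
debug1: Offering DSA public key: /Users/user/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
Connection closed by ::1
"""
COMMENT_LOG = """\
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
debug1: Entering interactive session.
"""

def diagnose(log):
    """Return (furthest stage seen, peer that closed the connection, hint)."""
    reached = None
    for name, pattern in STAGES:
        if re.search(pattern, log):
            reached = name
    closed = re.search(r"^Connection closed by (\S+)", log, re.M)
    return reached, closed.group(1) if closed else None, HINTS[reached]

if __name__ == "__main__":
    print(diagnose(QUESTION_LOG if sys.stdin.isatty() else sys.stdin.read()))
```

To run it on a live attempt, pipe the client's debug output in with `2>&1`, since `ssh -v` writes its debug lines to stderr.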
0

This worked for me in Cygwin using Windows within a large domain:

Add your Windows user ID to `/etc/passwd`. You can get it by typing `mkpasswd -d | grep [username]`. In a large domain, you may have to wait several hours.

Make sure the user ID given in `/etc/passwd` matches that in `id -u`, and the group ID matches that for Administrators in `/etc/group`.

BrownsFan