no longer quite OT

Richard L. Hamilton rlhamil at smart.net
Mon Sep 3 09:27:10 UTC 2018


As for password-less, you don't need MacPorts sshd for that.  Some OS versions back, that just worked.  Now you have to do a little bit to make it work (outgoing - it still works incoming, with the usual measures, give or take something odd in /etc/ssh/sshd_config).

Here's some discussion about that:
https://apple.stackexchange.com/questions/48502/how-can-i-permanently-add-my-ssh-private-key-to-keychain-so-it-is-automatically

Here, as I recall, is what I did about it (aside from whatever step from the discussion above added the keys to my macOS Keychain):

sh-3.2$ cat ~/Library/LaunchAgents/local.ssh-add.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ssh-add-a</string>
    <key>ProgramArguments</key>
    <array>
        <string>ssh-add</string>
        <string>-A</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

And of course either
launchctl load -w ~/Library/LaunchAgents/local.ssh-add.plist
or log out and log back in again (the latter actually being a better test, since that's what needs to work in the long run).

I don't swear that I didn't forget something - I just look up stuff like this, fix it, and unfortunately don't always take notes on what I did, so this is reconstruction after-the-fact.

Oh, and just to mess with people's minds on something marginally related, it's not too hard to compile and configure Linux pam-ssh-agent-auth for macOS (or even for Solaris), allowing for example that you can set it up so that if "ssh account@localhost" works with keys, then "su account" also works with keys; which might be convenient for some scripts; but of course NOT scripts run from cron (which couldn't count on your ssh-agent running, let alone being able to contact it). As I recall, it takes a little fiddling, because you just want that one module rather than all of them to build, and because Linux went their own way a bit with PAM (even though Sun invented it), so there are some minor incompatibilities to work around; but nothing a little doggedness won't get past.

> On Sep 3, 2018, at 04:06, Bill Parducci <bill at parducci.net> wrote:
> 
> System Settings -> Sharing -> Remote Access
> 
> ...or something close to that will dis/enable native sshd in OSX (not on my laptop, so may be a wee bit imprecise).
> 
>> On Sep 2, 2018, at 10:04 PM, James <jam at tigger.ws> wrote:
>> 
>> Hi All
>> since I’ve been unable to solve passwd-less login on High Sierra I installed port openssh.
>> 
>> All good except I have  two daemons waiting on port 22. I can easily find the LaunchDaemon for openssh but I cannot fathom how apple run their ssh daemon, or even what it is called.
>> 
>> I miss linux’s netstat -anp.
>> 
>> Can anyone help
>> thanks
>> James
> 
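
An added example, not part of the original message or of MacPorts: a short Python check that parses the LaunchAgent shown above and reports what launchd will execute at login, which is worth knowing on a machine that has both Apple's and MacPorts' OpenSSH installed. The function name `review_launch_agent` and the finding strings are hypothetical; the embedded plist is the one from the message, used as sample input.

```python
import plistlib
from pathlib import PurePosixPath

# Sample input: the LaunchAgent from the message above, embedded so this runs offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ssh-add-a</string>
    <key>ProgramArguments</key>
    <array>
        <string>ssh-add</string>
        <string>-A</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
"""


def review_launch_agent(data: bytes) -> dict:
    """Summarise what a launchd job runs and list points worth a second look."""
    job = plistlib.loads(data)
    argv = job.get("ProgramArguments") or []
    # launchd uses Program if present, otherwise the first ProgramArguments entry.
    program = job.get("Program") or (argv[0] if argv else None)
    findings = []
    if program is None:
        findings.append("no Program or ProgramArguments: the job cannot start")
    elif not PurePosixPath(program).is_absolute():
        # A bare name is looked up via PATH (execvp semantics), not pinned to one binary.
        findings.append(f"'{program}' is a bare name resolved through PATH")
    if job.get("RunAtLoad") is True:
        findings.append("RunAtLoad: runs at every load/login without user action")
    if job.get("KeepAlive"):
        findings.append("KeepAlive: relaunched whenever it exits")
    return {"label": job.get("Label"), "program": program,
            "argv": argv, "findings": findings}


if __name__ == "__main__":
    report = review_launch_agent(SAMPLE_PLIST)
    print(report["label"], report["argv"])
    for finding in report["findings"]:
        print(" -", finding)
```

Writing the full path of the intended `ssh-add` in the first `<string>` removes the PATH finding and makes it explicit which OpenSSH build the agent uses.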
