quite OT

Jan Stary hans at stare.cz
Mon Sep 3 19:39:39 UTC 2018


On Sep 03 21:50:35, jam at tigger.ws wrote:
> Jan I must assume that you have never done a password-less login
> to a high sierra machine and the tone of your questions betrays that.

Password-less login to 10.13.6 works for me just fine,
with the method described above (put your *.pub to the authorized_keys).
That's the system /usr/sbin/sshd, which is OpenSSH_7.6, LibreSSL 2.6.2.
Below is a log of such a session, from OpenBSD 6.3 to MacOS 10.13.6.

> hell 40 years experience using unix and I have and do do many many

I'm sure you do do.

> > On 3 Sep 2018, at 8:00 pm, macports-users-request at lists.macports.org wrote:
> > What port?
> 
> actually openssh which works everywhere ( where works == password-less login NB nothing to do with pass-phrase) does not work on high sierra

In the current port tree, that's OpenSSH 7.6p1r5 (right?).
Have you tried the same with the system OpenSSH?
Have you tried with the OpenSSH port built upon the LibreSSL port,
as opposed to the OpenSSL port? What is the difference?

> >> i usually copy the public key by hand, but I also used ssh-copy-id
> >> from 1_mac to another
> >> from 1_mac to itself
> >> from 1_mac to a plethora of linux machines and virtual machines
> >> 
> >> 1_mac cannot login passwd-less to another.
> > To another what?
> 
> The original post made clear I called the first mac "mac-1"
> and the second mac “another”

What happens when you try a 10.13.6 server with a different client?

> >> 1_mac CAN login to the linux boxes passwdless
> >> The logs show nothing of interest

Well, there must be a message about what failed with the keys, right?

> Umm I’m confused. I see a password prompt not a shell prompt. I see too public_key auth failed with error 51 before password auth gets tried

So show us the full -v -v log.

> I can see my suspicion is not happening
> which was blank pass phrase is not allowed.

That would be a restriction of the _client_ (which I doubt),
and the client log would surely say so.

	Jan


hans at box:~$ ssh -v -v fitbook
OpenSSH_7.8, LibreSSL 2.8.0
debug1: Reading configuration data /home/hans/.ssh/config
debug1: /home/hans/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "fitbook" port 22
debug2: ssh_connect_direct
debug1: Connecting to fitbook [192.168.11.8] port 22.
debug1: Connection established.
debug1: identity file /home/hans/.ssh/id_rsa type 0
debug1: identity file /home/hans/.ssh/id_rsa-cert type -1
debug1: identity file /home/hans/.ssh/id_dsa type -1
debug1: identity file /home/hans/.ssh/id_dsa-cert type -1
debug1: identity file /home/hans/.ssh/id_ecdsa type -1
debug1: identity file /home/hans/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/hans/.ssh/id_ed25519 type -1
debug1: identity file /home/hans/.ssh/id_ed25519-cert type -1
debug1: identity file /home/hans/.ssh/id_xmss type -1
debug1: identity file /home/hans/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to fitbook:22 as 'hans'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com,zlib
debug2: compression stoc: none,zlib at openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com
debug2: compression stoc: none,zlib at openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:8nCwT07dWP68CTuDdS1g2O6vIhfpxCU9Y5cqY7N415k
debug1: Host 'fitbook' is known and matches the ECDSA host key.
debug1: Found key in /home/hans/.ssh/known_hosts:62
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/hans/.ssh/id_rsa (0x7121b82aa80)
debug2: key: /home/hans/.ssh/id_dsa (0x0)
debug2: key: /home/hans/.ssh/id_ecdsa (0x0)
debug2: key: /home/hans/.ssh/id_ed25519 (0x0)
debug2: key: /home/hans/.ssh/id_xmss (0x0)
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:v9EQjf6ESD7ppCQMn5IfsI49i5uF5EuVg9zNFFDnz/c /home/hans/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:v9EQjf6ESD7ppCQMn5IfsI49i5uF5EuVg9zNFFDnz/c
debug1: Authentication succeeded (publickey).
Authenticated to fitbook ([192.168.11.8]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com want_reply 0
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Mon Sep  3 21:08:23 2018 from 192.168.11.3
fitbook:~ hans$ uname -a
Darwin fitbook.stare.cz 17.7.0 Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root:xnu-4570.71.2~1/RELEASE_X86_64 x86_64
fitbook:~ hans$ which sshd
/usr/sbin/sshd
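
Added example, not part of the original post and not OpenSSH code: a small Python triage of `ssh -v` client output in the format of the session above, reporting which identity files were loaded, which keys were offered and accepted, and how authentication ended. The sample log is constructed, and the names `triage` and `verdict` are hypothetical.

```python
import re

# Constructed sample in the format of the session above, except that here the
# server does not accept the offered key and the client moves on to password.
REJECTED_LOG = """\
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:CONSTRUCTED-FINGERPRINT /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
"""

PATTERNS = {
    "identity": re.compile(r"identity file (\S+) type (-?\d+)$"),
    "method": re.compile(r"Next authentication method: (\S+)$"),
    "offer": re.compile(r"Offering (?:\S+ )?public key: (.+)$"),
    "accept": re.compile(r"Server accepts key: "),
    "success": re.compile(r"Authentication succeeded \(([^)]+)\)"),
}

def triage(log):
    """Summarise the user-authentication phase of `ssh -v` client output."""
    out = {"loaded": [], "methods": [], "offered": [], "accepted": [], "succeeded": None}
    for raw in log.splitlines():
        line = re.sub(r"^debug\d: ", "", raw.strip())
        hits = {k: p.match(line) for k, p in PATTERNS.items()}
        if hits["identity"] and hits["identity"].group(2) != "-1":
            out["loaded"].append(hits["identity"].group(1))  # type -1: no key loaded from that path
        elif hits["method"]:
            out["methods"].append(hits["method"].group(1))
        elif hits["offer"]:
            out["offered"].append(hits["offer"].group(1))
        elif hits["accept"] and out["offered"]:
            out["accepted"].append(out["offered"][-1])       # the reply refers to the last offer
        elif hits["success"]:
            out["succeeded"] = hits["success"].group(1)
    return out

def verdict(t):
    """Turn the summary into the one-line answer to 'what failed with the keys?'."""
    if t["succeeded"] == "publickey":
        return "publickey login worked"
    if not t["offered"]:
        return "client offered no key: check which identity files exist"
    if not t["accepted"]:
        return "server refused every offered key: compare with the account's authorized_keys"
    return "server accepted a key but the login did not complete: look at the signing step"
```
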

