Re: Setting up SSH on Snow Leopard



In article <YrqdnRh7-JTQN4bQnZ2dnUVZ_o0AAAAA@xxxxxxxxxxxx>,
"W" <persistentone@xxxxxxxxxxxxxx> wrote:

> "Tom Harrington" <tph@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:tph-5BC244.13512729122010@xxxxxxxxxxxx
>> In article <CNCdnRP6SIHuE4bQnZ2dnUVZ_hidnZ2d@xxxxxxxxxxxx>,
>> "W" <persistentone@xxxxxxxxxxxxxx> wrote:
>>
>>> I agree with you that I need to start testing my client, but the way I
>>> interpret debug3 above is that your SSH server supports three different
>>> authentication methods. One of those three is password.
>>
>> You could potentially clear up a lot of confusion if you'd just open up
>> a Terminal window on the Mac and try "ssh localhost". Then at least
>> you'd be sure of whether the client you're using was in any way
>> connected to the lack of a password prompt.
>
> Okay, thanks to everyone's prompting in this thread, I think I have this
> problem solved.
>
> From the Mac client I did a verbose connection with:
>
> ssh -v localhost
>
> That result clearly shows in debug1 that the server supports
> keyboard-interactive but does not support Password, in the default
> configuration.
>
> I then went to my client and simply selected Keyboard-interactive, and it
> immediately worked.
>
> What exactly are the differences between Password and Keyboard-interactive
> authentication methods, and is either of those preferred from a security
> view?

Someone more experienced with OpenSSH can tell you the difference(s)
between keyboard-interactive and password authentication.

Nevertheless, the most secure configuration will offer the least amount
of access required. If you want to harden your SSH server, you will
disable both keyboard-interactive and password authentication and
instead use only public/private key authentication. If you want exact
steps to do that, just let me know.

> What's also interesting is that all of the public UNIX hosts I connect to
> for SSH2 seem to support Password, and by default Mac OS X does not.
> Apparently the admins of those public systems have chosen to enable Password
> and it is not the default configuration of OpenSSH.

While it is the default for the Mac OS X OpenSSH configuration, it's not
necessarily the same for other platforms.

In general, Apple tends to lean more on the secure side of configuration
for the Unix subsystem. Very often, Linux distributions use less secure
configurations to ensure backwards compatibility and so on, while Apple
has the luxury of controlling both software and hardware, and therefore
can take more liberties (for example, the change to support only SSH
Protocol 2 connections in recent Mac OS X versions).

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR
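
Added example, not part of the original posts: a shell helper for the check W made by eye with ssh -v, listing the authentication methods the server advertises and flagging password and keyboard-interactive, the two methods JR suggests disabling in favour of public keys. The function names and the sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Live use: ssh -v -o BatchMode=yes localhost true 2>&1 | audit_methods

# Constructed sample lines in the format `ssh -v` writes to stderr.
SAMPLE_DEFAULT='debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey'
SAMPLE_KEYS_ONLY='debug1: Authentications that can continue: publickey'

# Print the server's first advertised method list, one method per line.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' |
        head -n 1 | tr ',' '\n' | tr -d '\r '
}

# Return 0 if no typed-secret method is offered, 1 if password or
# keyboard-interactive is advertised, 2 if the log has no method list.
audit_methods() {
    methods=$(offered_methods)
    if [ -z "$methods" ]; then
        echo "no 'Authentications that can continue' line found" >&2
        return 2
    fi
    status=0
    for m in $methods; do
        case "$m" in
            password|keyboard-interactive)
                echo "typed-secret  $m"
                status=1 ;;
            *)
                echo "other         $m" ;;
        esac
    done
    return "$status"
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_DEFAULT" | audit_methods || true
printf '%s\n' "$SAMPLE_KEYS_ONLY" | audit_methods || true
```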