On Sep 03 21:50:35, [email protected] wrote: > Jan I must assume that you have never done a password-less login > to a high sierra machine and the tone of your questions betrays that.
Password-less login to 10.13.6 works for me just fine, with the method described above (put your *.pub to the authorized_keys). That's the system /usr/sbin/sshd, which is OpenSSH_7.6, LibreSSL 2.6.2. Below is a log of such a session, from OpenBSD 6.3 to MacOS 10.13.6. > hell 40 years experience using unix and I have and do do many many I'm sure you do do. > > On 3 Sep 2018, at 8:00 pm, [email protected] wrote: > > What port? > > actually openssh which works everywhere ( where works == password-less login > NB nothing to do with pass-phrase) does not work on high sierra In the current port tree, that's OpenSSH 7.6p1r5 (right?). Have you tried the same with the system OpenSSH? Have you tried with the OpenSSH port built upon the LibreSSL port, as opposed to the OpenSSL port? What is the difference? > >> i usually copy the public key by hand, but I also used ssh-copy-id > >> from 1_mac to another > >> from 1_mac to itself > >> from 1_mac to a plethora of linux machines and virtual machines > >> > >> 1_mac cannot login passwd-less to another. > > To another what? > > The original post made clear I called the first mac "mac-1" > and the second mac “another" What happens when you try a 10.13.6 server with a different client? > >> 1_mac CAN login to the linux boxes passwdless > >> The logs show nothing of interest Well, there must be a message about what failed with the keys, right? > Umm I’m confused. I see a password prompt not a shell prompt. I see too > public_key auth failed wthi error 51 before password auth gets tried So show us the full -v -v log. > I can see my suspition is not happening > which was blank pass phrase is not allowed. That would be a restriction of the _client_ (which I doubt), and the client log would surely say so. Jan hans@box:~$ ssh -v -v fitbook OpenSSH_7.8, LibreSSL 2.8.0 debug1: Reading configuration data /home/hans/.ssh/config debug1: /home/hans/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug2: resolving "fitbook" port 22 debug2: ssh_connect_direct debug1: Connecting to fitbook [192.168.11.8] port 22. debug1: Connection established. debug1: identity file /home/hans/.ssh/id_rsa type 0 debug1: identity file /home/hans/.ssh/id_rsa-cert type -1 debug1: identity file /home/hans/.ssh/id_dsa type -1 debug1: identity file /home/hans/.ssh/id_dsa-cert type -1 debug1: identity file /home/hans/.ssh/id_ecdsa type -1 debug1: identity file /home/hans/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/hans/.ssh/id_ed25519 type -1 debug1: identity file /home/hans/.ssh/id_ed25519-cert type -1 debug1: identity file /home/hans/.ssh/id_xmss type -1 debug1: identity file /home/hans/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.8 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6 debug1: match: OpenSSH_7.6 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to fitbook:22 as 'hans' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:8nCwT07dWP68CTuDdS1g2O6vIhfpxCU9Y5cqY7N415k debug1: Host 'fitbook' is known and matches the ECDSA host key. debug1: Found key in /home/hans/.ssh/known_hosts:62 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /home/hans/.ssh/id_rsa (0x7121b82aa80) debug2: key: /home/hans/.ssh/id_dsa (0x0) debug2: key: /home/hans/.ssh/id_ecdsa (0x0) debug2: key: /home/hans/.ssh/id_ed25519 (0x0) debug2: key: /home/hans/.ssh/id_xmss (0x0) debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:v9EQjf6ESD7ppCQMn5IfsI49i5uF5EuVg9zNFFDnz/c /home/hans/.ssh/id_rsa debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:v9EQjf6ESD7ppCQMn5IfsI49i5uF5EuVg9zNFFDnz/c debug1: Authentication succeeded (publickey). Authenticated to fitbook ([192.168.11.8]:22). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting [email protected] debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype [email protected] want_reply 0 debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 3 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug2: channel 0: request shell confirm 1 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last login: Mon Sep 3 21:08:23 2018 from 192.168.11.3 fitbook:~ hans$ uname -a Darwin fitbook.stare.cz 17.7.0 Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root:xnu-4570.71.2~1/RELEASE_X86_64 x86_64 fitbook:~ hans$ which sshd /usr/sbin/sshd
