Hello,
I'm using a variety of hints from macosxhints.com to make SSH more
secure on my Mac. (They happened to have all the tips I was looking
for.)
First I got SSH to log SSH logins, and I disabled SSH password login,
with keys properly set up. Then I followed the directions in the
third hint to change the sshd port, changing /etc/services and
modifying and reloading the launchctl plist. Now I'm getting the
following errors in Console:
error: Could not load host key: /etc/ssh_host_rsa_key
error: Could not load host key: /etc/ssh_host_dsa_key
Initial audit status check failed (Operation not permitted)
Initial audit status check failed (Operation not permitted)
No supported key exchange algorithms
My first thought was to check permissions, but these seem to be fine:
-rw-r--r-- 1 root wheel 1159 Mar 20 2005 /etc/ssh_config
-rw------- 1 root wheel 668 Apr 6 14:45 /etc/ssh_host_dsa_key
-rw-r--r-- 1 root wheel 623 Apr 6 14:45 /etc/ssh_host_dsa_key.pub
-rw------- 1 root wheel 548 Apr 6 14:45 /etc/ssh_host_key
-rw-r--r-- 1 root wheel 352 Apr 6 14:45 /etc/ssh_host_key.pub
-rw------- 1 root wheel 887 Apr 6 14:45 /etc/ssh_host_rsa_key
-rw-r--r-- 1 root wheel 243 Apr 6 14:45 /etc/ssh_host_rsa_key.pub
And in ~/.ssh:
-rw------- 1 bkazez admin 625 Apr 6 14:36 authorized_keys2
-rw------- 1 bkazez admin 736 Apr 6 14:30 id_dsa
-rwxrwxr-x 1 bkazez admin 625 Apr 6 14:30 id_dsa.pub
-rw-r--r-- 1 bkazez admin 1917 Apr 6 11:41 known_hosts
Here's a verbose (-vv) log from the client side:
Code:
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port #####.
debug1: Connection established.
debug1: identity file /Users/bkazez/.ssh/identity type -1
debug1: identity file /Users/bkazez/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/bkazez/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: An invalid name was supplied
A parameter was malformed
Validation error
debug1: SSH2_MSG_KEXINIT sent
Connection closed by ::1
Does anyone know what the problem could be? I've spent a long time
trying to figure it out, but I haven't had any luck.
Ben
P.S. Here are the macosxhints.com tips I followed:
Restore logging of SSH logins
http://www.macosxhints.com/article.p...51012162448301
Disable ssh password login under Tiger
http://www.macosxhints.com/article.p...50815135941513
Change the default sshd port
http://www.macosxhints.com/article.p...50707140439980
P.P.S. I posted this request for help on macosxhints.com's forums but
haven't gotten a response in several days.
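
The following triage sketch is an added example, not part of the original post. It runs over the server and client lines quoted above and separates likely root-cause lines from follow-on symptoms. The function name `triage`, the `V2_HOST_KEYS` set and the reading of the "Operation not permitted" line are assumptions made for illustration.

```python
import re

# Constructed sample input: server (Console) and client (-vv) lines quoted in the post.
SERVER_LOG = """\
error: Could not load host key: /etc/ssh_host_rsa_key
error: Could not load host key: /etc/ssh_host_dsa_key
Initial audit status check failed (Operation not permitted)
No supported key exchange algorithms
"""
CLIENT_LOG = """\
debug1: SSH2_MSG_KEXINIT sent
Connection closed by ::1
"""

# Assumption: these are the protocol 2 host keys sshd is configured to load
# (the two paths named in the errors; /etc/ssh_host_key is the protocol 1 key).
V2_HOST_KEYS = {"/etc/ssh_host_rsa_key", "/etc/ssh_host_dsa_key"}


def triage(server_log, client_log, v2_keys=V2_HOST_KEYS):
    """Separate root-cause lines from follow-on symptoms in an sshd failure."""
    failed = set(re.findall(r"Could not load host key: (\S+)", server_log))
    eperm = re.search(r"^(.*)\(Operation not permitted\)", server_log, re.M)
    no_kex = "No supported key exchange algorithms" in server_log
    lines = [l.strip() for l in client_log.splitlines() if l.strip()]
    # Client view: the server dropped the connection right after KEXINIT.
    dropped_in_kex = any(
        "SSH2_MSG_KEXINIT sent" in a and b.startswith("Connection closed by")
        for a, b in zip(lines, lines[1:])
    )
    findings = {"root_causes": [], "symptoms": []}
    if failed:
        findings["root_causes"].append("host keys not loaded: " + ", ".join(sorted(failed)))
    if eperm:
        # Hypothesis, not proof: EPERM on a privileged call suggests checking
        # which user the sshd process actually runs as.
        findings["root_causes"].append("privileged call refused: " + eperm.group(1).strip())
    # With every protocol 2 host key missing, sshd has no host key algorithm
    # to offer, so key exchange cannot start.
    if no_kex and v2_keys <= failed:
        findings["symptoms"].append("server: no key exchange possible without a host key")
        if dropped_in_kex:
            findings["symptoms"].append("client: connection closed after KEXINIT")
    return findings


if __name__ == "__main__":
    for kind, items in triage(SERVER_LOG, CLIENT_LOG).items():
        print(kind, items)
```

Read this way, the "No supported key exchange algorithms" line and the client's "Connection closed" are consequences of the host key load failures, so the place to look is why sshd cannot read key files whose listed permissions appear correct.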