I had a problem a while back and it seemed to have gotten fixed somewhere between 10.1.2 and 10.1.3. After applying the April Security Patch, it's now back...
Turning on "Allow Remote Logon" the first time allows SSH access to my machine.
Logging out locally disables the ability to log in by SSH and even logging back on locally does not fix it until I manually stop and restart the SSHD server.
Here's a clip from my system.log:
-
[Starting SSHD from Control Panel]
Apr 11 21:45:15 localhost sshd[526]: Server listening on 0.0.0.0 port 22.
Apr 11 21:45:15 localhost sshd[526]: Generating 1152 bit RSA key.
Apr 11 21:45:17 localhost sshd[526]: RSA key generation complete.
[Initiating SSH session from client machine]
Apr 11 21:45:44 localhost sshd[528]: Connection from 192.168.100.9 port 4552
Apr 11 21:45:44 localhost sshd[528]: Enabling compatibility mode for protocol 2.0
Apr 11 21:45:51 localhost sshd[528]: Could not reverse map address 192.168.100.9.
Apr 11 21:45:51 localhost sshd[528]: Failed none for <username> from 192.168.100.9 port 4552 ssh2
Apr 11 21:45:51 localhost sshd[528]: Found matching DSA key: 7a:35:d4:9b:46:3e:7e:c5:29:75:b4:5e:c4:2a:60:d9
Apr 11 21:45:51 localhost sshd[528]: Postponed publickey for <username> from 192.168.100.9 port 4552 ssh2
Apr 11 21:45:54 localhost sshd[528]: Found matching DSA key: 7a:35:d4:9b:46:3e:7e:c5:29:75:b4:5e:c4:2a:60:d9
Apr 11 21:45:54 localhost sshd[528]: Accepted publickey for <username> from 192.168.100.9 port 4552 ssh2
Apr 11 21:45:54 localhost sshd[529]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Apr 11 21:45:54 localhost sshd[529]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Apr 11 21:45:54 localhost sshd[529]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Apr 11 21:45:54 localhost sshd[529]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Apr 11 21:45:58 localhost sshd[528]: Connection closed by remote host.
Apr 11 21:45:58 localhost sshd[528]: Closing connection to 192.168.100.9
[Logging off local machine (Apple Menu/Log Out)]
Apr 11 21:46:29 localhost loginwindow[490]: kCGErrorIllegalArgument : CGSUnregisterWindowWithSystemStatusBar: Invalid window
Apr 11 21:46:30 localhost configd[136]: executing /System/Library/SystemConfiguration/Kicker.bundle/Resources/restart-automount
Apr 11 21:46:30 localhost WindowServer[489]: loginwindow connection closed; closing server.
Apr 11 21:46:30 localhost mach_init[2]: notified that requestor of subset 8459 died
Apr 11 21:46:30 localhost mach_init[2]: Service NSApplication-MainThread-164029238612# deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service DockClient-20001-0 deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service CoreDrag-11267 deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: notified that requestor of subset 21515 died
Apr 11 21:46:30 localhost mach_init[2]: Service AppleEvents-System deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service RecentItemServer deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service O3Master deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service ScreenSaverDaemon deleted - bootstrap deleted
Apr 11 21:46:30 localhost mach_init[2]: Service com.apple.MBCDOController deleted - bootstrap deleted
Apr 11 21:46:30 localhost WindowServer[540]: Display 0x5b81c5c0: Unit 0; Vendor 0x756e6b6e Model 0x717 S/N 0; online (0,0)[1024 x 768], base addr 0xa000b000
Apr 11 21:46:30 localhost mach_init[2]: added notification for sub-bootstrap
[Attempting SSH session from client machine after local logoff]
Apr 11 21:46:39 localhost sshd[546]: Connection from 192.168.100.9 port 4553
Apr 11 21:46:39 localhost sshd[546]: Enabling compatibility mode for protocol 2.0
Apr 11 21:46:47 localhost sshd[546]: input_userauth_request: illegal user <username>
Apr 11 21:46:47 localhost sshd[546]: Failed none for illegal user <username> from 192.168.100.9 port 4553 ssh2
Apr 11 21:46:47 localhost sshd[546]: Failed publickey for illegal user <username> from 192.168.100.9 port 4553 ssh2
Apr 11 21:46:47 localhost sshd[546]: Failed keyboard-interactive for illegal user <username> from 192.168.100.9 port 4553 ssh2
Apr 11 21:46:47 localhost sshd[546]: Received disconnect from 192.168.100.9: 11: No supported authentication methods available
Apr 11 21:46:52 localhost mach_init[2]: added notification for sub-bootstrap
Apr 11 21:46:52 localhost configd[136]: executing /System/Library/SystemConfiguration/Kicker.bundle/Resources/restart-automount
Apr 11 21:47:06 localhost sshd[526]: Received signal 15; terminating.
[Restarting SSHD through control panel]
Apr 11 21:47:08 localhost sshd[563]: Server listening on 0.0.0.0 port 22.
Apr 11 21:47:08 localhost sshd[563]: Generating 1152 bit RSA key.
Apr 11 21:47:09 localhost sshd[563]: RSA key generation complete.
Considering the message illegal user which sshd gives, the first thing to look at is if there are entries in /var/log/netinfo.log at the same time. Also, have you made any changes to /etc/sshd_config?
That's what the weird part is... no entries in netinfo.log and the config mirrors my G4 at work with exactly the same setup!
Perhaps reinstalling SSHD might be the key but I have no idea how to go about doing that; plus, I'd like to keep OpenSSH in line with Apple's release as much as possible...
Cheers.
Originally posted by blb Considering the message illegal user which sshd gives, the first thing to look at is if there are entries in /var/log/netinfo.log at the same time. Also, have you made any changes to /etc/sshd_config?
I bit the bullet and followed the instructions given by www.stepwise.com and just recompiled OpenSSH from scratch. So far, everything seems fine which tells me that something must have been corrupted.
I just hope this doesn't affect the next round of security updates from Apple.
Cheers.
Originally posted by blb Considering the message illegal user which sshd gives, the first thing to look at is if there are entries in /var/log/netinfo.log at the same time. Also, have you made any changes to /etc/sshd_config?
