I'm trying to access a Mac remotely (I do have physical access to this Mac) through SSH from a Linux client computer. My goal is to access this Mac from outside the network. Port forwarding is set up on the router. From my client computer I'm able to ssh user@ip
for the public IP and I am able to get into the Mac, so port forwarding is working.
Now I want to set up SSH keys. I've generated SSH keys on my client computer but I wanted to get the SSH Daemon on the Mac setup first. I edited /etc/ssh_config
and set PasswordAuthentication no
. I restarted SSH with these commands: sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
, then sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
. When I try to SSH in from the client again, it still asks for my password.
I took a look at this post and from the answer I added UsePAM no
to the config file and restarted the service with launchctl
again. I'm still being prompted for a password.
I also tried the solution here. I'm still being prompted for a password.
How do I set up my ssh_config
to so that it doesn't ask for the password and only accepts SSH keys? Am I not restarting the daemon properly? Is there another step I am missing?
Best Answer
I was editing the wrong configuration file! Instead of
/etc/ssh_config
, I editedprivate/etc/sshd_config
. I think this probably would have also worked if I edited/etc/sshd_config
as per the updated answer from @GhostLyrics, but I didn't test that yet so I can't say for sure. After that, I restarted the service withsudo launchctl stop com.openssh.sshd
and thensudo launchctl start com.openssh.sshd
and I was able to get my desired behavior. Here is the resource where I found the pertinent information: https://superuser.com/questions/364304/how-do-i-configure-ssh-on-os-xHere are the config options I changed:
After that I was successfully able to generate SSH keys on my client computer, moved the public key to
~/.ssh/authorized_keys
on the Mac and set permissions for that file to 644.It is important to note that those permissions are for my public key. My private key permissions are set to 600 on my client computer. This is really important if you have both your public and private key in your
~/.ssh
folder and there are multiple users on the system. If your private key permissions are set to 644 then any user could read your private key and impersonate you. Also, the permissions for the~/.ssh
folder should be 700.