I'm trying to SSH from one Mac running OS X 10.6 to another. Seems to work fine via a password, but I can't get it to use a RSA key instead. Where is the ssh configuration file on OS X and what is the command to reload SSH?
Update
What I'm asking is how to configured advanced options. For example, on Ubuntu there is a ssh config file at /etc/ssh/sshd_config and if you do something like change the port or disable password authentication for a particular user (PasswordAuthentication no) you need to run /etc/init.d/ssh reload to reload the config. I didn't see that file on OS X, so was just wondering where it was. I am aware of the ~/.ssh ~/.ssh/authorized_keys and ``~/.ssh/config`
5 Answers
The SSHD configuration is stored in
/private/etc/ssh/sshd_configTo stop and start SSHD:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd 4 You can restart SSH somewhere in the sharing dialogs, but you don't have to. According to the man page on apple.com keys go to the ~/.ssh/authorized_keys file.
In OS X El Capitan 10.11, sshd_config is in /private/etc/ssh/sshd_config (same as /etc/ssh/sshd_config)
I found out that in macOS Monterey (12.0), if you just disable PasswordAuthentication, it will still ask for a password (in the keyboard-interactive mode). To fully disable it, you have to set two options in /etc/ssh/sshd_config:
PasswordAuthentication no
ChallengeResponseAuthentication noAnd then restart SSH server with these commands:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plistOr going to System Preferences -> Sharing and unchecking + checking "Remote Login".
Note that in newer OS X releases it is not enough to enable "Remote login" in System Preferences > Sharing to allow SSH connections to your Mac if the firewall is running.
Go to System Preferences > Security & Privacy > Firewall > Firewall Options. You will see that "Remote login" is listed on the top and incoming connections are allowed. Contrary to expectations this is not sufficient. You have to add another program called /usr/libexec/sshd-keygen-wrapper as well (locate its directory with [Shift-Cmd-G]), using the [+] button and then set "Allow incoming connections" for it. Now you'll be able to SSH into your machine.