authorized_keys no longer working under Big Sur
I use ~/.ssh/authorized_keys to allow password-less SSH connection between computers. They worked fine under macOS Catalina, but since I upgraded to macOS Big Sur they no longer work. I can log in to the other macOS all right, but I'm always asked for a password. It looks as if the server ignores my authorized_keys file.
I tried recreating the keys with ssh-keygen, removed the old authorized_keys file and created a new one with ssh-copy-id. Permissions seem fine:
8 -rw-r--r-- 1 xxx staff 2,1K 6 oct 17:20 authorized_keys
8 -rw------- 1 xxx staff 1,8K 9 oct 17:02 id_rsa
8 -rw-r--r-- 1 xxx staff 401B 9 oct 17:02 id_rsa.pub
I suspect something has changed in /etc/sshd_config, but I can't figure out what.
The problem exists only when I try to ssh from macOS to macOS. From macOS to Linux/Ubuntu still works as expected (no password prompt).
Some interesting values from ssh -vvv:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
[...]
debug2: we sent a publickey packet, wait for reply
[...]
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
When I log in from macOS to Linux/Ubuntu, I see a line:
Server accepts key: /path/to/id_rsa RSA [...]
The line is missing when I try to log in from macOS to another macOS machine.
I also tried different algorithms:
$ ssh-keygen -t dsa
$ ssh-keygen -t ed25519
None of them worked. Does anybody have the same problem?
Solution 1:
The problem turned out to be the fact that I had moved my user's home directory from the usual location at /Users/username to a different partition at /Volumes/Data. (A user's home may be anywhere; it can be changed with the Directory Utility.) Somehow, the sshd did not like this. I simply moved the home one directory deeper, to /Volumes/Data/username. Problem gone, now I can log in with the authorized keys without password!
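With StrictModes enabled (the sshd_config default), sshd checks the ownership and modes of the authorized_keys file and of each directory above it, up to the home directory, before accepting a key. The following is an added example, not part of the original answer and not OpenSSH code: a Python approximation of that check, using the hypothetical function name strictmodes_problems and a constructed temporary directory layout, that can be pointed at a relocated home like the one described above.

```python
import os
import stat
import tempfile

def strictmodes_problems(authorized_keys, home, uid):
    """List ownership/mode problems from the key file up to the home directory."""
    problems = []
    path = os.path.realpath(authorized_keys)
    home = os.path.realpath(home)
    def check(p, want_file):
        try:
            st = os.stat(p)
        except OSError as exc:
            problems.append(f"{p}: cannot stat ({exc.strerror})")
            return
        if want_file and not stat.S_ISREG(st.st_mode):
            problems.append(f"{p}: not a regular file")
        if st.st_uid not in (0, uid):  # must belong to the user or root
            problems.append(f"{p}: owned by uid {st.st_uid}, expected {uid} or root")
        if st.st_mode & 0o022:         # no group or world write bit
            problems.append(f"{p}: mode {stat.S_IMODE(st.st_mode):04o} is group/world-writable")
    check(path, want_file=True)
    while True:                        # walk upward, stop at home or at /
        path = os.path.dirname(path)
        check(path, want_file=False)
        if path == home or path == os.path.dirname(path):
            break
    return problems

def demo():
    """Constructed layout: a group-writable home directory, then corrected."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "Data")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 AAAA...constructed user@host\n")
        os.chmod(keys, 0o644)
        os.chmod(ssh_dir, 0o700)
        os.chmod(home, 0o775)
        before = strictmodes_problems(keys, home, os.getuid())
        os.chmod(home, 0o755)
        after = strictmodes_problems(keys, home, os.getuid())
    return before, after

if __name__ == "__main__":
    for label, result in zip(("home 0775", "home 0755"), demo()):
        print(label, "->", result or "ok")
```

On the server, call strictmodes_problems with the real authorized_keys path, the home directory from the user record and the account's uid; an empty list means this particular check passes.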