Unable to use passwordless ssh login to Mac computer

(Hawk McDuck) #1

FreePBX / Asterisk 16.17.0 / all modules up to date
macOS Mojave 10.14.6 / OS updates are current

I need to set up a daily cron job using scp to transfer FreePBX backup files to a storage location on a remote server, a Mac Pro 5,1 running Mojave, for safekeeping. I would like to configure ssh with a passwordless login, and have followed the instructions at the following link:


However, I’m not able to log in from the FreePBX server at to the remote machine at (IPs anonymized) without using a password, as follows:


The public and private key files on the local machine (FreePBX):

$ ls ~/.ssh/id_*
/home/userxyz/.ssh/id_rsa /home/userxyz/.ssh/id_rsa.pub

Relevant files on the remote machine (macOS):

$ ls -ld userxyz
drwxrwxr-x+ 55 userxyz staff 1760 13 Jun 19:45 userxyz
$ ls -lR userxyz/.ssh
total 16
-rw-------+ 1 userxyz staff 2235 13 Jun 19:03 authorized_keys
-rw-r–r--+ 1 userxyz staff 4025 13 Jun 19:44 known_hosts

I’m obviously missing something. Can someone assist in troubleshooting this issue?


Does the authorized_keys file on your macOS include the data from your FreePBX’s id_rsa.pub file? If so, is the id_rsa(private key) file loaded on your FreePBX with the ssh-add command?

If you are using the Backup module from FreePBX15, you shouldn’t need to do some of those steps manually. The newer Backup module has an option to save automatic backups to a server accessed with Storage Location: SSH.

When that option is selected, the keys found in /home/asterisk/.ssh are used:

The private key(id_rsa) should already be loaded on the system, you’ll just need to make sure the contents of id_rsa.pub is included on your Mac’s authorized_keys file. The contents of the id_rsa.pub file should match what you see in the Global Settings tab of the gui(Admin->Backup & Restore).

After you confirm that the pub key is added to your Mac, you can test the connection by making a backup, or trying to ssh into the mac while your ssh’d into your pbx as user asterisk. If you want to test the connection while you’re logged in as root, you’ll have to manually load that id_rsa private key file with the ssh-add command, since its intended purpose is to only be loaded for the user named ‘asterisk’.

(Jared Busch) #3

From your log on pastebin:

debug1: Remote: Ignored authorized keys: bad ownership or modes for directory /Users/userxyz

(Jared Busch) #4

He clearly stated he is using a cron job. This means he is not using anything in the FreePBX ecosystem. Including the abnormal key locations and mandatory rsa key versions that you have.

(system) closed #5

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.