Last night, I was setting up password-free SSH connections (using, basically, the information in this ancient hint) between my machines here in the house -- at some point during all the 10.5 upgrading, I'd broken it between a couple of the boxes. Everything worked fine on the mini and the MacBook Pro, and when connecting from the Mac Pro to the other machines. Connecting to the Mac Pro, however, still required entering my password. I double and triple checked everything with the key files, tried RSA and DSA keys, and ran ssh in triple-debug (-vvv) mode. Nothing was any help at all.
Turning to Google, I (ironically) found the solution right here on our own forum site -- in a thread that had been updated with the solution only a couple days ago. In a nutshell, the problem was that the permissions on my user's folder on the Mac Pro were incorrect (and Repair Permissions in Disk Utility didn't fix them). In Terminal, I ran the first of the three commands shown in the thread (as only my top-level user's folder had incorrect permissions)
$ chmod go-w ~/
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
Once the permissions were fixed, ssh worked as expected. But the real hint in the forum thread wasn't the actual fix; it was a tidbit on how to diagnose the problem in the first place -- one that may be useful for other sorts of ssh connectivity issues as well.
Despite using triple-verbose mode with ssh, it still didn't tell me enough to fix the problem -- the feedback in verbose mode contained no detail that would help identify why I was still being asked for a password. As noted in the forum thread, however, there is a spot where you can find more details: in the secure.log file in /var/log on the machine you're trying to connect to. So on the Mac Pro, I ran sudo tail -f /var/log/secure.log, then tried to connect to the Mac Pro from the mini. On the Mac Pro's screen, the problem then appeared, clear as day:
Apr 23 21:10:55 MacPro sshd[16329]: Authentication refused: bad ownership or modes for directory /Users/robg
It would be really nice if the ssh daemon provided this information as part of the verbose output, but it doesn't (probably because it would give too much info to attackers?). So if you're having ssh connectivity issues and verbose mode isn't helping, try tailing the secure.log file on the machine you're connecting to; it may provide the detail you need to solve the problem.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20080424055927442