Sunday, January 18, 2009

SSH and OS X

This has been driving me nuts for the past several months, but I hadn't made the time to figure out the problem. Basically, the only account that could be used to ssh into our OS X server was the admin account. The admin account lives in the traditional Unix /etc/passwd database. Any account that was created via Workgroup Manager, like mine (that is, one that lives in Open Directory, OS X's LDAP authentication database), wouldn't work. As I said, this has been driving me nuts, and I finally spent some time digging through the man pages, configuration files and log files to figure out what was going on.

It seems that a previous sysadmin had added the AllowUsers keywords to the sshd configuration file in /etc/sshd_config. On the AllowUsers line were listed the users who were able to connect via ssh. And wouldn't you know, my account wasn't listed.

I got to this point by reading through the /var/log/secure.log file to see what OS X was recording as the problem with connecting. There was one line in particular that stood out:

Jan 18 15:13:09 xyzzy sshd[4656]: User peter from 192.168.1.154 not allowed because not listed in AllowUsers

AllowUsers? That's strange. I don't remember anywhere in OS X that would use a convention like this to control the environment. But a quick search on Google shows that this is a keyword used in the sshd configuration file. After adding my account name to the list, I was able to ssh in without any problem. Oh yeah, life is good!

One cool side note: sshd didn't have to be restarted. It's smart enough to know the configuration file has changed. That makes it very easy to test configuration changes.

But modifying the /etc/sshd_config file every time I need to allow ssh access to someone isn't an easy way to manage account privileges on OS X. Looking a bit more at the sshd_config man page shows that there's also an AllowGroups option. So I removed the AllowUsers line and replaced it with:

AllowGroups ssh

Then, using the standard Workgroup Manager, I added a new group called ssh and put the various accounts that need ssh access into the group. Now any account that needs ssh access can easily be added to (or removed from) the ssh group, and sshd will automatically give them access.
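The denial line from secure.log and the AllowUsers-to-AllowGroups change both come down to how sshd walks its access lists. Here is an added example, written for this post and not code from the author or from OpenSSH, that parses the four access-list directives out of sshd_config text and replays sshd's documented evaluation order (DenyUsers, AllowUsers, DenyGroups, AllowGroups, per sshd_config(5)) for a given user and group list, so you can check who would get in before touching the live file. It also pulls user, source and reason out of a denial line like the one above. The two config fragments, the user names and the group memberships are constructed for the example; on a real server the group list would come from Open Directory, which this script does not query. It goes a little beyond the post by handling DenyUsers and DenyGroups and the user@host pattern form, since they sit in the same evaluation chain.

```python
import fnmatch
import re

# Constructed sshd_config fragments: the "before" state the previous sysadmin
# left behind, and the "after" state from the post. Names are assumed.
SSHD_CONFIG_ALLOWUSERS = """
Port 22
# only the local admin account may ssh in (assumed user name)
AllowUsers admin
"""

SSHD_CONFIG_ALLOWGROUPS = """
Port 22
AllowGroups ssh
"""

# The four directives, in the order sshd_config(5) says they are processed.
DIRECTIVES = ("DenyUsers", "AllowUsers", "DenyGroups", "AllowGroups")


def parse_access_lists(config_text):
    """Collect the access-list directives from sshd_config text.

    Keywords are matched case-insensitively (as sshd does); values are
    whitespace-separated patterns; repeated directives accumulate.
    """
    lists = {name: [] for name in DIRECTIVES}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        keyword = parts[0].lower()
        for name in DIRECTIVES:
            if keyword == name.lower():
                lists[name].extend(parts[1:])
    return lists


def _match_user(user, host, ip, pattern):
    """Match a user pattern, honouring the optional USER@HOST form."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return (fnmatch.fnmatchcase(user, user_pat)
                and (fnmatch.fnmatchcase(host, host_pat)
                     or fnmatch.fnmatchcase(ip, host_pat)))
    return fnmatch.fnmatchcase(user, pattern)


def allowed_user(lists, user, groups, host="localhost", ip="127.0.0.1"):
    """Decide whether sshd would admit `user`; return (allowed, reason).

    `groups` is the user's primary plus supplementary group names, which on
    OS X Server would be resolved from Open Directory (constructed here).
    """
    if any(_match_user(user, host, ip, p) for p in lists["DenyUsers"]):
        return False, "listed in DenyUsers"
    if lists["AllowUsers"] and not any(
            _match_user(user, host, ip, p) for p in lists["AllowUsers"]):
        return False, "not listed in AllowUsers"
    if lists["DenyGroups"] or lists["AllowGroups"]:
        if not groups:
            return False, "not in any group"
        if any(fnmatch.fnmatchcase(g, p)
               for g in groups for p in lists["DenyGroups"]):
            return False, "a group is listed in DenyGroups"
        if lists["AllowGroups"] and not any(
                fnmatch.fnmatchcase(g, p)
                for g in groups for p in lists["AllowGroups"]):
            return False, "none of user's groups are listed in AllowGroups"
    return True, "allowed"


# Shape of the access-list denial line sshd writes to secure.log.
LOG_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: User (?P<user>\S+) from (?P<src>\S+) "
    r"not allowed because (?P<reason>.+)$")


def parse_denial(log_line):
    """Extract user, source and reason from a denial line, or None."""
    m = LOG_RE.search(log_line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    before = parse_access_lists(SSHD_CONFIG_ALLOWUSERS)
    after = parse_access_lists(SSHD_CONFIG_ALLOWGROUPS)
    for label, lists in (("AllowUsers config", before),
                         ("AllowGroups config", after)):
        for user, groups in (("admin", ["staff"]), ("peter", ["staff", "ssh"])):
            print(label, user, allowed_user(lists, user, groups))
    print(parse_denial("Jan 18 15:13:09 xyzzy sshd[4656]: User peter from "
                       "192.168.1.154 not allowed because not listed in AllowUsers"))
```

Run it as-is to see the admin account pass under both configs while peter is refused under the old AllowUsers line and admitted once he is in the ssh group; feed it your own sshd_config text and a user's actual group list to preview a change before saving it.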

Yea!