78

Is there a way to temporarily disable public key authentication when ssh'ing, and use password authentication instead?

I currently want to access remote server, but I'm using another laptop, not mine.

Browsing that link, I found that the command ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no host1.example.org doesn't work everywhere. And yes, it doesn't work for me. I'm using: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012

Edit: I also tried to type ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no but still have "Permission denied (publickey)".

So, is there a specific configuration to do in the remote server, for that command to work? Or, when that command will work as expected?

Thanks a lot for advices.

Community
  • 1
Nsukami _
  • 891

4 Answers4

73

If you want to bypass key authentication when logging to the server, just run:

ssh -o PubkeyAuthentication=no user@host
Mikhail Zakharov
  • 841
8

This sounds like a configuration issue on the server side.

If the server allows both public key and password authentication then even if you try to connect without a private key file present on the client, it should prompt you for a password.

If you are getting the error message "Permission denied (publickey)" then it sounds like password authentication is not supported on your server.

Without seeing the /etc/sshd_config file, it is difficult to know but my guess would be that you need to make sure the following line exists:

PasswordAuthentication yes

Restart the ssh server, and when you connect from the client you should be prompted for a password if there is no private key present, or if the private key doesn't match the public key on the server.

A more secure alternative to this of course would be to copy your private key to the laptop which you are using, or in-fact generate a new private key to be used on that laptop and add the public key to .ssh/authorized_keys

v25
  • 790
  • 1
  • 6
  • 14
6

Just make an ID file that is blank.

touch $HOME/.ssh/blank

If you leave the permission 640 or 644 then ssh will complain that the permissions are not secure enough and not use it. If you chmod it to 600, then it will prompt for a password 3 times and fail because there is no password. So just leave it 640 or 644.

Then when you ssh use this command.

ssh -i $HOME/.ssh/blank servername-or-ip

You could use .ssh/config and set a host entry to not use the key but it is less temporary or you could create aliases for server and server-nokey but it gets long and is a pain to maintain.

shane
  • 77
1

As the other answers are providing pertinent solutions that worked for me here and there, I'm posting another trick that helped when the others failed.

First run ssh -Q key to obtain a list of possible key types in your install.

Pick a key algorithm you are not using, in the below example I picked sk-ecdsa-sha2-nistp256@openssh.com and then restrict ssh to use only that type, by appending -oPubkeyAcceptedKeyTypes=sk-ecdsa-sha2-nistp256@openssh.com to the ssh command.

With a quick alias, things would look like

$ alias ssh-nokey='ssh -oPubkeyAcceptedKeyTypes=sk-ecdsa-sha2-nistp256@openssh.com'
$ ssh-nokey remoteuser@remotehost
remoteuser@remotehost's password:

When running, the ssh client will look at all available keys in the ~/.ssh folder, their usual algorithm is rsa / ed25519, so ssh will not find one that matches the sk-ecdsa-sha2-nistp256 used as an example.

claudiuf
  • 121