How to force ssh client to use only password auth?

by

If I use pubkey auth from e.g.: an Ubuntu 11.04 how can I set the ssh client to use only password auth to a server? (just needed because of testing passwords on a server, where I default log in with key)

I found a way:

mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub.backup

and now I get prompted for password, but are there any offical ways?

Contents hide
Answers:
Method 1
Method 2
Method 3
Method 4
Method 5
Method 6
Method 7
Method 8
Method 9

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

I recently needed this too, and came up with this:

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no example.com

You need to make sure that the client isn’t configured to disallow password authentication.

Method 2

I’ve discovered a shortcut for this purpose:

ssh user:@example.com

Note the colon (:) and the empty password after it.

Method 3

As well as the method posted by scoopr, you can set per host options in your ssh client configuration file.

In your .ssh directory, create a file called config (if it doesn’t already exist) and set the permissions to 600, you can then create sections which start with

host <some hostname or pattern>

and then set per host options after that, for example,

host bob.specific.foo
user fred

host *.home.example
user billy
port 9191

so you could have

host server.to.test
PubkeyAuthentication no

in that file, and then simply

ssh server.to.test

and the option will get picked up.

Method 4

I recently needed this but none of the options above worked, ssh -v showed that the command-line options passed via the -o switch were over-ridden by the values specified in my ~/.ssh/config file.

What worked was this:

ssh -F /dev/null <username>@<host>

From the ssh man page:

 -F configfile
     Specifies an alternative per-user configuration file.  If a
     configuration file is given on the command line, the system-wide
     configuration file (/etc/ssh/ssh_config) will be ignored. The default 
     for the per-user configuration file is ~/.ssh/config.

Credits to this answer: How can I make ssh ignore .ssh/config?

Method 5

I tried a few of these answers, but ssh -v kept showing my public keys getting pulled out of my home directory. However, specifying a bogus identity file did the trick for me:

ssh -i /dev/null host

I have to do this permanently (to work around the broken SSH server in an APC rack-mounted PDU — stay far away from these things if you care about security — so I ended up putting the option into my config file:

Host apc1 apc2
KexAlgorithms +diffie-hellman-group1-sha1
IdentityFile /dev/null

Method 6

This is mentioned in a comment above, but I think it deserves to be its own answer.

For people receiving the Permission denied (publickey) error despite the other solutions here, the problem is likely that the server is set not to accept passwords. To change this, you need to get into the server (many services will allow you to access with a password via a virtual console on their management console) and:

  1. nano /etc/ssh/sshd_config
  2. Find PasswordAuthentication no and change it to yes, and uncomment it.
  3. Run sudo service sshd restart (or sudo systemctl restart sshd if using systemd services)
  4. Now try to log in, from a remote server, using one of the methods above, such as ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no example.com

Method 7

@scoopr and @Halil Özgür answers didn’t work for me.

This worked for me:

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fb8e889e89bb9e839a968b979ed5989496">[email protected]</a>

Source: http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

Method 8

I may be the only one in the world with this issue, but I had an ssh from another operating system running (choco ssh in Windows in a cygwin shell) seen via which ssh

So the solution was to 

 /usr/bin/ssh <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0174726473416479606c716d642f626e6c">[email protected]</a>

Note the full path. I did this after I had run cyg-get openssh

Method 9

And also be sure, there is no BatchMode=yes active in .ssh/config.
Otherwise you’ve got no chance, to get an interactive password prompt.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x