195

This is a question regarding the OpenSSH client on Linux, MacOSX and FreeBSD.

Normally, I log into systems using my SSH key.

Occasionally, I want my SSH client to ignore my SSH key and use a password instead. If I 'ssh hostname', my client prompts me for the Passphrase to my SSH key which is an annoyance. Instead, I want the client to simply ignore my SSH key, so that the server will ask me for my password instead.

I tried the following, but I am still prompted for the passphrase to my SSH key. After this, I am prompted for my password.

ssh -o PreferredAuthentications=password host.example.org

I want to do this on the client side, without any modification of the remote host.

7ochem
  • 280
  • 1
  • 3
  • 12
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184
  • 2
    @CiroSantilli刘晓波死六四事件法轮功 Please describe why that link would be helpful, instead of posting a bare link with no context. – Stefan Lasiewski Sep 13 '17 at 23:48

1 Answers1

255

Try ssh -o PasswordAuthentication=yes -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no host.example.org

In ssh v2, keyboard-interactive is another way to say "password". The -o PubkeyAuthentication=no option instructs the client not to attempt key pair authentication.

In addition, the PasswordAuthentication=yes option is to override any previously configured ssh options that may have disabled it.

Brian Minton
  • 256
  • 7
  • 15
Bill Weiss
  • 10,782
  • 3
  • 37
  • 65
  • 1
    And in fact 'ssh -o PreferredAuthentications=keyboard-interactive host' also works. I was thrown off by SSH_CONFIG(5), which still mentions the 'password' keyword. Thanks for the clarification. – Stefan Lasiewski Apr 07 '10 at 23:35
  • 12
    Correction: In SSH v2, **both** `password` and `keyboard-interactive` are valid, and they are different things. (`password` requires a password, and `keyboard-interactive` can technically be anything.) – user1686 Apr 08 '10 at 12:17
  • 1
    Bill could you update your answer according to grawity's comment? Look at the output of these commands: lucian@XXX:~$ ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no host.example.org Permission denied (publickey,gssapi-with-mic,password). lucian@XXX:~$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no host.example.org lucian@host.example.org's password: – Lucian Adrian Grijincu Mar 15 '12 at 21:43
  • What does your server configuration look like? I've never seen that difference. As well, that wouldn't answer the original question, they were trying password. – Bill Weiss Mar 17 '12 at 12:00
  • 7
    If you want to add this switch to ssh's config file (~/.ssh/config) it's PubkeyAuthentication no in that file. – slm Aug 24 '12 at 16:17
  • 1
    `ssh -o PubkeyAuthentication=no host.example.org` worked for me, when ssh from debian to other debian. fyi – Sverre Oct 27 '14 at 07:05
  • Bingo, this works brilliantly – dspacejs Mar 30 '16 at 05:06
  • I googled many phrases before I finally found this under `ssh don't send key`. Wow, this is hard to find. – bgStack15 Aug 31 '16 at 15:00
  • 7
    Doesn't work for me. I still get *Permission denied (publickey).* Looks like it's refusing to do anything else on the server end. – reinierpost Jul 27 '18 at 12:34
  • This works with ssh-copy-id as well, thanks for the answer! – Craig London Oct 08 '18 at 16:05
  • This works for scp as well – Silidrone Dec 26 '20 at 11:55
  • Works for me. Another solution is the option `-o IdentitiesOnly=yes`. – Daviz Apr 14 '21 at 09:25
  • Note to self - if you get intermittent key exchange failure, it's nothing to do with the key. The VM is out of memory and needs rebooting! – Sridhar Sarnobat Sep 09 '21 at 21:56