58

Is there a way to temporarily disable public key authentication when ssh'ing, and use password authentication instead?

I currently want to access remote server, but I'm using another laptop, not mine.

Browsing that link, I found that the command ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no host1.example.org doesn't work everywhere. And yes, it doesn't work for me. I'm using: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012

Edit: I also tried to type ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no but still have "Permission denied (publickey)".

So, is there a specific configuration to do in the remote server, for that command to work? Or, when that command will work as expected?

Thanks a lot for advices.

Community
  • 1
Nsukami _
  • 691
  • 1
  • 5
  • 8
  • 37
    If you followed the link again, there was someone stating that your method didn't work, but this did: `ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no` – NickW Mar 28 '13 at 15:03
  • @NikW Thanks a lot, maybe I should have mention it, tried the command you propose too, still have the "Permission denied (publickey)". – Nsukami _ Mar 28 '13 at 22:41
  • 1
    Just hit this problem because my laptop had a TON of keys, and ssh tried all of them, and I was rejected before even a chance to enter password. Thanks for asking. – Dallaylaen Dec 21 '15 at 15:55
  • 3
    @NickW If you put your comment as the answer, I'd upvote it. – labyrinth Jan 06 '16 at 22:22

3 Answers3

45

If you want to bypass key authentication when logging to the server, just run:

ssh -o PubkeyAuthentication=no user@host
Mikhail Zakharov
  • 561
  • 4
  • 4
10

This sounds like a configuration issue on the server side.

If the server allows both public key and password authentication then even if you try to connect without a private key file present on the client, it should prompt you for a password.

If you are getting the error message "Permission denied (publickey)" then it sounds like password authentication is not supported on your server.

Without seeing the /etc/sshd_config file, it is difficult to know but my guess would be that you need to make sure the following line exists:

PasswordAuthentication yes

Restart the ssh server, and when you connect from the client you should be prompted for a password if there is no private key present, or if the private key doesn't match the public key on the server.

A more secure alternative to this of course would be to copy your private key to the laptop which you are using, or in-fact generate a new private key to be used on that laptop and add the public key to .ssh/authorized_keys

v25
  • 748
  • 1
  • 6
  • 13
  • 4
    Please do not answer a question that wasn't asked. It makes it very annoying for other people finding this question from Google. – Timmmm Apr 08 '20 at 13:57
6

Just make an ID file that is blank.

touch $HOME/.ssh/blank

If you leave the permission 640 or 644 then ssh will complain that the permissions are not secure enough and not use it. If you chmod it to 600, then it will prompt for a password 3 times and fail because there is no password. So just leave it 640 or 644.

Then when you ssh use this command.

ssh -i $HOME/.ssh/blank servername-or-ip

You could use .ssh/config and set a host entry to not use the key but it is less temporary or you could create aliases for server and server-nokey but it gets long and is a pain to maintain.

shane
  • 69
  • 1
  • 1
  • 6
    `-i /dev/null` works too, and doesn't need checking permissions. – svvac Jul 10 '17 at 07:22
  • 1
    Blank/null files don't work, `ssh` says `Load key "/dev/null": invalid format`, then it proceeds to use the other keys you have configured anyway, and then fails to log in due to too many authentication failures. – Malvineous Feb 26 '19 at 00:43
  • For me this didn't work. Maybe my credentials were stored in the gnome keyring. – Yaroslav Nikitenko May 13 '19 at 11:49
  • 2
    This didn't work for me either. It found my id_rsa and used it. The `ssh -o PubkeyAuthentication=no ...` answer worked well. – bitinerant Feb 29 '20 at 18:07