I am adding the following settings to my docker based centos 7 /etc/ssh/sshd_config
file:
Match User ansible
PermitEmptyPasswords yes
PasswordAuthentication no
PermitRootLogin without-password
PubkeyAuthentication no
HostbasedAuthentication yes
And I am noticing that sshd is not honoring those settings, at least it is still asking for a password. In my set up, my ansible
user does not have a password at all, but I still require it to shell into various machines without authentication. I do know about ssh-copy-id
however since this is a closed docker network, I am wanting to bypass they key handling and just allow the user ansible
to pass in.
I know it's not secure, however this is just for a test environment for development only.
What additional settings should I add to my sshd_config file to ensure I am never bothered for a password nor asked to type in "yes" to accept a fingerprint?
Here is what I see when inside my docker:
[root@docker-ansible /]# ssh ansible@portal.docker.local
The authenticity of host 'portal.docker.local (172.31.0.2)' can't be established.
ECDSA key fingerprint is SHA256:klErLlMAooQXDpAVNAsGoQTt5r+GdjDX06Fgihstteo.
ECDSA key fingerprint is MD5:60:4e:1e:6a:05:12:45:e9:21:79:4b:22:0b:1b:a7:cd.
Are you sure you want to continue connecting (yes/no)? yes <-- I need to not be typing yes here.
Warning: Permanently added 'portal.docker.local,172.31.0.2' (ECDSA) to the list of known hosts.
Permission denied (gssapi-keyex,gssapi-with-mic,hostbased).
When I try again, after typing in "yes", still:
[root@docker-ansible /]# ssh ansible@portal.docker.local
Permission denied (gssapi-keyex,gssapi-with-mic,hostbased).
Update:
I just tried @telcoM's idea and although this feels close, it doesn't work. The end of my sshd_config
file is this:
Match User ansible
PermitEmptyPasswords yes
AuthenticationMethods none
But now the error i get is:
[ansible@docker-ansible ~]$ ssh -o StrictHostKeyChecking=no portal.docker.local
ansible@ocker-ansible's password:
:(
So it appears to be wanting the password still...