Recently, we wanted to connect to a machine via SSH
without using the default RSA
key that was available in the client’s profile (~/.ssh/id_rsa
).
We needed to avoid using the public key authentication method for two reasons:
- The client did not want to share the passphrase with us
- We did not want to move the key, not even temporarily
So, to connect via SSH
while ignoring the key completely we connected using the following command
ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no user@server;
Explanation of parameters:
-o
Was used to give options in the format used in the configuration file (/etc/ssh/ssh_config
). It is useful for specifying options for which there is no separate command-line flag available.-o PreferredAuthentications
can be used to change the default order of authentication and bypass theGSSAPI-based
authentication, thehost-based
authentication, thepublic key
authentication and thechallenge-response
authentication.
-o PreferredAuthentications=keyboard-interactive,password
instructs the server to perform the authentication through thekeyboard-interactive
method and if that method is not available to use thepassword
method.
Thekeyboard-interactive
authentication method is a request for all different pieces of information needed for the authentication. The server can specify, which inputs need to be hidden when user types them and which are not.
Thepassword
authentication is a request for a single password. There is no configuration sent by the server. So the client decides how to format the prompt.-o PubkeyAuthentication=no
Specifies whether to try public key authentication. By setting the value tono
it disables it.
This post is also available in: Greek