Recently, we wanted to connect to a machine via SSH without using the default RSA key that was available in the client’s profile (~/.ssh/id_rsa).
We needed to avoid using the public key authentication method for two reasons:
- The client did not want to share the passphrase with us
- We did not want to move the key, not even temporarily
So, to connect via SSH while ignoring the key completely we connected using the following command
ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no user@server;
Explanation of parameters:
-oWas used to give options in the format used in the configuration file (/etc/ssh/ssh_config). It is useful for specifying options for which there is no separate command-line flag available.-o PreferredAuthenticationscan be used to change the default order of authentication and bypass theGSSAPI-basedauthentication, thehost-basedauthentication, thepublic keyauthentication and thechallenge-responseauthentication.
-o PreferredAuthentications=keyboard-interactive,passwordinstructs the server to perform the authentication through thekeyboard-interactivemethod and if that method is not available to use thepasswordmethod.
Thekeyboard-interactiveauthentication method is a request for all different pieces of information needed for the authentication. The server can specify, which inputs need to be hidden when user types them and which are not.
Thepasswordauthentication is a request for a single password. There is no configuration sent by the server. So the client decides how to format the prompt.-o PubkeyAuthentication=noSpecifies whether to try public key authentication. By setting the value tonoit disables it.
This post is also available in: Αγγλικα