Linux/Unix: Force ssh client to use only password auth authentication when pubkey auth configured

Author: Vivek Gite Last updated: January 21, 2017 0 comments

I configured and use my openssh server to accept only public key based authentication. I need to test if my server accepting password. How to allow ssh client to use only password auth when pubkey auth configured?

You can force your ssh client on a Linux, MacOS, FreeBSD, OpenBSD and Unix-like system to use only password authentication.

How to get prompted for password when I use pubkey auth?

The syntax is:
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@server
For example:
$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no vivek@server1.cyberciti.biz $ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@ln.db1
Sample outputs:

Fig.01: How to force openssh client to use only password auth

Where,

PreferredAuthentications=password – The methods available for authentication are like GSSAPI-based authentication, host-based authentication, public key authentication, challenge response authentication, and password authentication. Authentication methods are tried in the order specified above, though PreferredAuthentications can be used to change the default order.
PubkeyAuthentication=no – Disable public key authentication and force ssh to use password using PreferredAuthentications=password

Please note that you must have PasswordAuthentication yes set in server’s /etc/ssh/sshd_config file. If you want root user access set PermitRootLogin yes in server’s /etc/ssh/sshd_config file. Otherwise you will get an error that read as follows:

Permission denied (publickey,keyboard-interactive).

A note about why root over SSH is bad idea with or without password

ssh root@mordor ?

It is dangerous enabling root login. The attacker or bots try to log in your server using brute force methods. They start with a simple password like “123456” and so on. They do this for an extended time to gain root access. With advancement in bandwidth and given resources the attacker or bots might end up getting root access to your server. I do not trust root or any other users to use password-based login as most users are at bad choosing passwords. Hence, I recommend that you do not enable password based login. See how to use public key based login for more info:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:

RSS feed or Weekly email newsletter
Share to Twitter • Facebook • 0 comments... add one ↓

UP NEXT

Category	List of Unix and Linux commands
File Management	cat
Firewall	CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04