84

Is there a way to temporarily disable public key authentication when ssh'ing, and use password authentication instead?

I currently want to access remote server, but I'm using another laptop, not mine.

Browsing that link, I found that the command ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no host1.example.org doesn't work everywhere. And yes, it doesn't work for me. I'm using: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012

Edit: I also tried to type ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no but still have "Permission denied (publickey)".

So, is there a specific configuration to do in the remote server, for that command to work? Or, when that command will work as expected?

Thanks a lot for advices.

Improve this question
4
  • 42
    If you followed the link again, there was someone stating that your method didn't work, but this did: ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no Commented Mar 28, 2013 at 15:03
  • @NikW Thanks a lot, maybe I should have mention it, tried the command you propose too, still have the "Permission denied (publickey)". Commented Mar 28, 2013 at 22:41
  • 1
    Just hit this problem because my laptop had a TON of keys, and ssh tried all of them, and I was rejected before even a chance to enter password. Thanks for asking. Commented Dec 21, 2015 at 15:55
  • 3
    @NickW If you put your comment as the answer, I'd upvote it. Commented Jan 6, 2016 at 22:22

4 Answers 4

Reset to default
10

This sounds like a configuration issue on the server side.

If the server allows both public key and password authentication then even if you try to connect without a private key file present on the client, it should prompt you for a password.

If you are getting the error message "Permission denied (publickey)" then it sounds like password authentication is not supported on your server.

Without seeing the /etc/sshd_config file, it is difficult to know but my guess would be that you need to make sure the following line exists:

PasswordAuthentication yes

Restart the ssh server, and when you connect from the client you should be prompted for a password if there is no private key present, or if the private key doesn't match the public key on the server.

A more secure alternative to this of course would be to copy your private key to the laptop which you are using, or in-fact generate a new private key to be used on that laptop and add the public key to .ssh/authorized_keys

Improve this answer
1
  • 9
    Please do not answer a question that wasn't asked. It makes it very annoying for other people finding this question from Google. Commented Apr 8, 2020 at 13:57
78

If you want to bypass key authentication when logging to the server, just run:

ssh -o PubkeyAuthentication=no user@host
Improve this answer
2
  • 1
    Doesn't fix the problem for me. Commented Sep 28, 2020 at 13:37
  • 2
    This is what people are looking for when they search "ssh deactivate keys" Commented Jan 25, 2023 at 19:44
6

Just make an ID file that is blank.

touch $HOME/.ssh/blank

If you leave the permission 640 or 644 then ssh will complain that the permissions are not secure enough and not use it. If you chmod it to 600, then it will prompt for a password 3 times and fail because there is no password. So just leave it 640 or 644.

Then when you ssh use this command.

ssh -i $HOME/.ssh/blank servername-or-ip

You could use .ssh/config and set a host entry to not use the key but it is less temporary or you could create aliases for server and server-nokey but it gets long and is a pain to maintain.

Improve this answer
4
  • 9
    -i /dev/null works too, and doesn't need checking permissions. Commented Jul 10, 2017 at 7:22
  • 1
    Blank/null files don't work, ssh says Load key "/dev/null": invalid format, then it proceeds to use the other keys you have configured anyway, and then fails to log in due to too many authentication failures. Commented Feb 26, 2019 at 0:43
  • For me this didn't work. Maybe my credentials were stored in the gnome keyring. Commented May 13, 2019 at 11:49
  • 2
    This didn't work for me either. It found my id_rsa and used it. The ssh -o PubkeyAuthentication=no ... answer worked well. Commented Feb 29, 2020 at 18:07
1

As the other answers are providing pertinent solutions that worked for me here and there, I'm posting another trick that helped when the others failed.

First run ssh -Q key to obtain a list of possible key types in your install.

Pick a key algorithm you are not using, in the below example I picked [email protected] and then restrict ssh to use only that type, by appending [email protected] to the ssh command.

With a quick alias, things would look like

$ alias ssh-nokey='ssh [email protected]' $ ssh-nokey remoteuser@remotehost remoteuser@remotehost's password:

When running, the ssh client will look at all available keys in the ~/.ssh folder, their usual algorithm is rsa / ed25519, so ssh will not find one that matches the sk-ecdsa-sha2-nistp256 used as an example.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.