Results 1 to 4 of 4
  1. #1
    Join Date
    Oct 2013
    Location
    AdminCP
    Posts
    429

    I can only login to SSH using private key

    I can only login using private key.

    How can I login using password instead of key? And revert it later?

    Here is my sshd_config:

    Code:
    #	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin without-password
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile	.ssh/authorized_keys
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandRunAs nobody
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    PermitEmptyPasswords no
    #PasswordAuthentication yes
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    
    # Set this to 'yes' to enable PAM authentication, account processing, 
    # and session processing. If this is enabled, PAM authentication will 
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no
    UsePAM yes
    
    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #ShowPatchLevel no
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    
    # no default banner path
    #Banner none
    
    # override default of no subsystems
    Subsystem	sftp	/usr/libexec/openssh/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	ForceCommand cvs server

  2. #2
    Join Date
    Apr 2005
    Posts
    1,767
    Looks like password authentication is enabled already (PasswordAuthentication yes), just move your private key, or login from another account that doesn't have the same $HOME/.ssh/id_rsa, and it should prompt you for a password, then when you need to use your private key to login, just login from that account, and it should authenticate with the key.

  3. #3
    Hi,

    Have you restarted the SSH service to have those configuration applied? Because password authentication is already enabled, so I don't see any reason of not being able to SSH with password.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

  4. #4
    Join Date
    Sep 2014
    Posts
    73
    If all else fails, you can always run sshd in interactive mode to debug the issue.
    <path to sshd> -vvv
    ...and you can always call ssh using the -v argument to see a much more verbose client-server exchange to see what's being sent back and forth. Usually in such exchanges, pubkey authentication is usually selected first.

    A new change in Ubuntu 14.04 and to an extent Debian "Jessie", they both now have the PermitRootLogin directive set to 'without-password' instead of the usual 'yes' setting.
    BuyPrivacy | Privacy Oriented VPN Service

Similar Threads

  1. Create ssh private key
    By grizzled in forum Dedicated Server
    Replies: 14
    Last Post: 04-20-2011, 07:47 AM
  2. SSH key login for support techs
    By server prodigy in forum Hosting Security and Technology
    Replies: 1
    Last Post: 10-31-2010, 01:13 PM
  3. SSH to Cpanel server with public/private key
    By Tomcatf14 in forum Hosting Security and Technology
    Replies: 7
    Last Post: 04-15-2010, 06:29 PM
  4. SSH Key Root Login by default?
    By Russ Foster in forum Hosting Security and Technology
    Replies: 4
    Last Post: 05-12-2005, 08:50 AM
  5. SSH public/private key login
    By Iggy in forum Hosting Security and Technology
    Replies: 2
    Last Post: 04-25-2003, 10:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •