Password-Only Login for SSH and SCP

Public key authentication is very common way when we have to access remote Linux/UNIX servers. Normally, we add the public keys to the authentication agent on local side (e.g. by ssh-add), to simply the login process. But there might be problems, like this one:

debian@controller:~$ scp pub.admon.org:/tmp/2012.tgz .
Received disconnect from 10.195.15.37: 2: Too many authentication failures for debian

How can we bypass this issue without removing the keys from our authentication agent?

A direct way is to enable password authentication and force client to use it instead of public keys auth. To enable password authentication is very simple, you can just add the parameter “-o PubkeyAuthentication=no” to your ssh based command like ssh, scp and sftp.

debian@controller:~$ scp -o PubkeyAuthentication=no debian@pub.admon.org:/tmp/2012.tgz .
debian@parser.minivps.com's password:
2012.tgz                                                           100%    20MB     22.5MB/s   00:01

The option’s parameter is case insensitive, so you just need to remember it’s pubkey and authentication. If you face additional errors, please have a check and make sure you have password authentication enabled at the server side. Normally, that’s an active directive “PasswordAuthentication no” in /etc/ssh/sshd_config.

If you’re not sure how to enable public key authentication to harden your servers, you can refer to this link.

Share Button

Leave a comment

Your email address will not be published. Required fields are marked *