Authentication Order with SSH

Solution 1:

The ssh server decides which authentication options it allows, the ssh client can be configured to decide in which order to try them.

The ssh client uses the PreferredAuthentications option in the ssh config file to determine this.

From man ssh_config (see it online here):

PreferredAuthentications
             Specifies the order in which the client should try protocol 2 authentication methods.  This allows a client to prefer
             one method (e.g. keyboard-interactive) over another method (e.g. password).  The default is:

                   gssapi-with-mic,hostbased,publickey,
                   keyboard-interactive,password

I don't believe it's possible, without playing with the source, to tell the OpenSSH server to prefer a certain order - if you think about it, it doesn't quite make sense anyway.

Solution 2:

Adding this:

PreferredAuthentications keyboard-interactive,password,publickey,hostbased,gssapi-with-mic

...to my /etc/ssh/ssh_config helped me to solve this, and saved a lot of time too!

You can check if it works by using ssh -v user@host command to connect, where -v stands for "verbose".

Authentication Order with SSH

Solution 1:

Solution 2:

Tags:

Ssh

Public Key

Password

Related

Recent Posts