SSH: completly disabling password authentication
Solution 1
Okay, I've found it! It's
ssh -o BatchMode=yes host
Not very intuitive, especially with the fact that the options I tried previously don't work.
Solution 2
You can add those option to .ssh/config and save some typing:
Host host
BatchMode yes
should do the job.
Solution 3
I just had this problem and found the answer here:
http://www.gossamer-threads.com/lists/openssh/dev/47179
Basically, openssh used keyboard-interactive to implement challenge-repsonse. So if either of these options are set to "yes", then keyboard-interactive gets set to "yes" in the code. You have to set both to "no" in order to get the behavior you want.
I had to do:
ssh -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no
Of course, the BatchMode=yes
setting would take care of all of these for you and future proof you against any new user interactive authentication methods in the future.
Peltier
Author of autojump, the fastest way to move around your filesystem from the command line.
Updated on September 17, 2022Comments
-
Peltier over 1 year
is there a way to disable password authentication completely? The command line is the following:
ssh -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no machine"
it STILL asks for a password. Of course I would like to do this without touching the server, if possible.