OpenSSH: force password authentication

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi all,
I set up passwordless public key authentication from a client to a
server to run an automated backup job (rsync).
I am running OpenSSH 3.6.1p2 on Red Hat Enterprise Linux 3.

I set up the public key with a forced command on the server, in order to
run validating script and only allow the backup task, otherwise it will
close the ssh connection, and It works fine.

But sometimes I need to connect to the server via ssh to run some
interactive commands and would like to use password authentication for that.

Right now that is not possible, since when I try to connect to the
server via ssh, the ssh client will pick up the PKI authentication first
and the forced command (validating script) on the server won't allow me
an interactive session, it will close the ssh connection.

Is there any way to force the ssh client to use password authentication
first only for interactive sessions? E.g. a command line switch or
something like that ...

Thanks for your help.

Re: OpenSSH: force password authentication

Quoted text here. Click to load it

And unstated, I suppose you also set up a private key on the local
client in the default location for the client identity.

Quoted text here. Click to load it

Take a look at the options available in the ssh_config file.

One way is to have the restricted key not be in the default identity
file.  Make the automated process reference it explicitly.  (I do this

  ssh -o IdentityFile=auto_backup ... or
  ssh -i auto_backup ...

Another way is to change the attempted authentication methods.

  ssh -o PreferredAuthentications=keyboard-interactive,password ...

Or just disable public key authentication.

  ssh -o PubkeyAuthentication=no ...

Darren Dunham                                 
Senior Technical Consultant         TAOS   /
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

Re: OpenSSH: force password authentication

On 23-06-2004 21:47, Darren Dunham wrote:

Quoted text here. Click to load it

This worked fine, thank you!

Site Timeline