When you're connecting to a remote server via SSH, your SSH client will try different authentication methods before settling for a usable method. The sequence of methods that the client uses is defined by the PreferredAuthentications option, with password being the final choice by default.

PreferredAuthentications
Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password). The default is:

gssapi-with-mic,hostbased,publickey,keyboard-interactive,password

debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: 
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa: No such file or directory

password is the commonly used authentication method for SSH, while the more seasoned system administrator might prefer publickey. You can specify your preferred authentication method for your SSH client if you have any specific preferences or requirements. It could also speed up the authentication process as the client does not need to try all the other authentication methods.

Steps to configure SSH preferred authentication method:

  1. Launch terminal application.
  2. Check current PreferredAuthentications configuration of your SSH client.
    $ ssh -G * | grep -i PreferredAuthentications
    $

    Default values are used if the command returns an empty result.

  3. Show available configuration options for PreferredAuthentications.
    $ man ssh_config
    ##### snipped
    PreferredAuthentications
    
    Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password). The default is:
      gssapi-with-mic,hostbased,publickey, keyboard-interactive,password
    ##### snipped
  4. Manually specify authentication method when connecting to SSH server.
    $ ssh -o PreferredAuthentications=publickey 192.168.111.2
    user@192.168.111.2: Permission denied (publickey,password).

    Choosing an authentication method not supported by the SSH server, such as in the above example, will cause your login to fail.

  5. Open SSH client configuration file using your preferred text editor.
    $ vi ~/.ssh/config

    Use /etc/ssh/ssh_config to apply the option to all users in the system, though it will always be overridden if also configured in ~/.ssh/config.

  6. Set preferred authentication method for specific host in the configuration file and save.
    Host *
        PreferredAuthentications publickey,password

    The following configuration example is to only attempt publickey and password method, in that order.

  7. Login to SSH server again without specifying authentication method.
    $ ssh -v 192.168.111.2
    user@192.168.111.2: Permission denied (publickey,password).
Discuss the article:

Comment anonymously. Login not required.

Share!