password is probably the most commonly used authentication method for SSH, while the more seasoned system administrator uses publickey.

When you're connecting to a remote server via SSH, your SSH client will try different authentication methods before settling for a usable method, with password usually the final option. The sequence of methods that the client uses is defined by the PreferredAuthentications option that could be configured in the client's SSH configuration file.

debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: 
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa: No such file or directory

PreferredAuthentications
Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password). The default is:

  • gssapi-with-mic,hostbased,publickey, keyboard-interactive,password

You can specify your preferred authentication method for your SSH client if you have any specific preferences or requirements. It could also speed up the authentication process as the client does not need to try all the other authentication methods.

You can set the order of your preferred authentication method in any of the SSH client configuration files such as /etc/ssh/ssh_config or ~/.ssh/config. The following configuration example is to only attempt publickey and password method, in that order:

PreferredAuthentications publickey,password

The other way is to specify your preferred authentication method is to set the option in the SSH client command as per the following:

$ ssh -o PreferredAuthentications=publickey 192.168.111.2
user@192.168.111.2: Permission denied (publickey,password).

Choosing an unsupported authentication method such as in the above example will prevent your access to the remote SSH server.

Discuss the article:

Comment anonymously. Login not required.

Share!