6

I have SSH access to my server using a certificate. I have configured a user on the same server that would connect using a password, but using Putty, the server only seems to offer certificate login as I get the error:

"No supported authentication methods available (server sent publickey, gssapi-keyex, gssapi-with-mic)"

I did go into /etc/ssh/sshd_config to enable PasswordAuthentication yes and restarted sshd, but that does not seem to do anything. sshd_config has a line to include separate .conf files, which I have in /etc/ssh/sshd_config.d/50-redhat.conf. Here I also added PasswordAuthentication yes.

in /var/log/secure I find the following:

May 10 12:42:54 [user] sshd[2053]: Connection closed by authenticating user [user] [source-ip] port 60374 [preauth]

Just to be clear: I do not get the chance to put in a password.

Where else should I look to create the possibility of both certificate-based ánd password-based SSH access?

Kamil Maciorowski
  • 81,893
Bokkie
  • 93

3 Answers3

14

Found my answer, leaving it here for posterity.

Issue seems to be that there are multiple ssh configs now, and not only /etc/ssh/sshd_config. In my case (ubuntu 22.04) there was a sneaky file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf that had a single line PasswordAuthentication no that was WREAKING MY LIFE!!!!

Fixed it with this:

grep -r PasswordAuthentication /etc/ssh -l | xargs -n 1 sed -i 's/#\s*PasswordAuthentication\s.*$/PasswordAuthentication yes/; s/^PasswordAuthentication\s*no$/PasswordAuthentication yes/'

Also, service ssh restart was not working, no error, just didn't do anything and needed to use systemctl restart ssh.service instead.

Javier Buzzi
  • 241
2

Depending on how your Ubuntu 24.04 installation was done, there are different files in /etc/ssh/sshd_config.d that can overwrite the behavior found in `/etc/ssh/sshd_config.

You need to go through all those files and look for your specific configuration. On my VPS instance, on OVH, I had 3 PasswordAuthentication configuration competing.

I recommend using grep:

root@vps-redacted:~# grep "^PasswordAuthentication" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*
/etc/ssh/sshd_config:PasswordAuthentication no
/etc/ssh/sshd_config.d/50-cloud-init.conf:PasswordAuthentication yes
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf:PasswordAuthentication no

I was trying to disable password authentication.

As a sidebar, if you want to test the connection without offering your public key, you can use the following:

ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password ubuntu@redacted
Phil
  • 49
  • 1
-2

Set KbdInteractiveAuthentication to "yes" in sshd_config and restart. PasswordAuthentication is not enough

Jorj
  • 105
  • 1