How to force ssh client to use only password auth?

If I use pubkey auth from e.g.: an Ubuntu 11.04 how can I set the ssh client to use only password auth to a server? (just needed because of testing passwords on a server, where I default log in with key)

I found a way:

mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
mv ~/.ssh/ ~/.ssh/

and now I get prompted for password, but are there any offical ways?

Asked By: LanceBaynes


Disable PubkeyAuthentication and also set PreferredAuthentications to password so that alternative methods like gssapi-with-mic aren’t used:

ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password

You need to make sure that the client isn’t configured to disallow password authentication.

Answered By: scoopr

As well as the method posted by scoopr, you can set per host options in your ssh client configuration file.

In your .ssh directory, create a file called config (if it doesn’t already exist) and set the permissions to 600, you can then create sections which start with

host <some hostname or pattern>

and then set per host options after that, for example,

user fred

host *.home.example
user billy
port 9191

so you could have

PubkeyAuthentication no

in that file, and then simply


and the option will get picked up.

Answered By: EightBitTony

I’ve discovered a shortcut for this purpose:


Note the colon (:) and the empty password after it.

Answered By: Halil Özgür

@scoopr and @Halil Özgür answers didn’t work for me.

This worked for me:

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no


Answered By: shrx

I recently needed this but none of the options above worked, ssh -v showed that the command-line options passed via the -o switch were over-ridden by the values specified in my ~/.ssh/config file.

What worked was this:

ssh -F /dev/null <username>@<host>

From the ssh man page:

 -F configfile
     Specifies an alternative per-user configuration file.  If a
     configuration file is given on the command line, the system-wide
     configuration file (/etc/ssh/ssh_config) will be ignored. The default 
     for the per-user configuration file is ~/.ssh/config.

Credits to this answer: How can I make ssh ignore .ssh/config?

Answered By: adeelx

I may be the only one in the world with this issue, but I had an ssh from another operating system running (choco ssh in Windows in a cygwin shell) seen via which ssh

So the solution was to


Note the full path. I did this after I had run cyg-get openssh

Answered By: Jonathan

I tried a few of these answers, but ssh -v kept showing my public keys getting pulled out of my home directory. However, specifying a bogus identity file did the trick for me:

ssh -i /dev/null host

I have to do this permanently (to work around the broken SSH server in an APC rack-mounted PDU — stay far away from these things if you care about security), so I ended up putting the option into my config file:

Host apc1 apc2
KexAlgorithms +diffie-hellman-group1-sha1
IdentityFile /dev/null
Answered By: miken32

And also be sure, there is no BatchMode=yes active in .ssh/config.
Otherwise you’ve got no chance, to get an interactive password prompt.

Answered By: Gunnar Tiedt

This is mentioned in a comment above, but I think it deserves to be its own answer.

For people receiving the Permission denied (publickey) error despite the other solutions here, the problem is likely that the server is set not to accept passwords. To change this, you need to get into the server (many services will allow you to access with a password via a virtual console on their management console) and:

  1. nano /etc/ssh/sshd_config

  2. Find PasswordAuthentication no and change it to yes, and uncomment it.

  3. Run sudo service sshd restart (or sudo systemctl restart sshd if using systemd services)

  4. Now try to log in, from a remote server, using one of the methods above, such as ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no

Answered By: Andrew

A little late to the party but I had to set the ControlPath option to none because I had an already established connection by the means of SSH connection sharing. So authentication was skipped instead of asking for a password. If it’s same for you try following command line.

ssh -o ControlPath=none -o PreferredAuthentications=password

Answered By: thomas

In my case, I resolved the issue by using -i to specify the private key for the target VM. For example:

ssh -i /path/to/private_key <username>@<vm_ip>
Answered By: Chance

I tried just about everything suggested, including setting
PasswordAuthentication yes in /etc/ssh/sshd_config on the host, and lots of different arguments to ssh on the client, but still got Permission denied (pubkey).

Then I noticed, in /etc/ssh/sshd_config on the host, the line:

Include /etc/ssh/sshd_config.d/*.conf

and wondered what config that might be pulling in that seemed to be overriding PasswordAuthentication yes. I commented it out (and restarted sshd) – and now I can log in by doing simply ssh user@host!

Both the client and server are DigitalOcean Ubuntu "droplets" (servers), one of which is messed up because of an aborted do-release-upgrade, and I am just trying to migrate the data from the old one (the client) to the new one (the host). Because I only have access to a recovery console on the old server through the web from which I can’t copy any text (e.g. a pubkey) and if I try to paste a pubkey into authorized_keys through the web the paste gets screwed up – and I really want to avoid typing in a pubkey by hand! – I have been trying to ssh to the new server using a password rather than a pubkey so found this question. Hopefully I can now start to transfer some data with scp or rsync. But I have had to comment out that Include to do it, which may not be a safe or desirable thing to do in the long term – I just did it to be able to migrate my data. So be careful! But it might help if you’re in a similar situation.

Answered By: drkvogel
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.