-1

I have a google compute engine instance, and I want to disable public key authentication (yes I know that it's a bad idea, before people jump in on me, just bear with me here) and in its place enable password authentication.

I have looked around, and I have all the relevant configurations set up correctly (at least as far as I can understand), but when I try to connect to the server, I get a Permission denied (publickey). error.

My (relevant configuration) thus far is:

PermitRootLogin without-password
PermitRootLogin yes

RSAAuthentication no
PubkeyAuthentication no

PermitEmptyPasswords no  # this is correct, I don't want it set to yes
PasswordAuthentication yes

The connection string I am using (ssh command) is the following:

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@<some_host>

with <some_host> being the server's relevant ip address. Is there something I am doing wrong? Perhaps something that I am missing (configuration wise)?

NlightNFotis
  • 125
  • 1
  • 6
  • is it necessary to reboot ssh-daemon after changing config in "google compute engine instance"? :) – Sergey Serov Sep 30 '15 at 13:21
  • 1
    "For each parameter, the first obtained value will be used." `ssh_config(5)` manual page. Anyway looking into server logs can help. – Jakuje Sep 30 '15 at 13:26
  • @SergeySerov it must be, and I believe I am doing it. But here's the thing: there is no `/etc/init.d/sshd`, only `/etc/init.d/ssh`. It's a debian 7 system btw. It's weird, but I am assuming that it corresponds to the server, since it isn't logical that there is an ssh client service. – NlightNFotis Sep 30 '15 at 13:27
  • have you checked /var/log/{syslog,secure} -- anything interesting there? – sai garimella Sep 30 '15 at 13:40
  • @saigarimella Only strings of the form `Connection closed by **.**.***.** (my_ip) [preauth]` in `/var/log/auth.log`. `/var/log/syslog` doesn't contain anything interesting other than kernel messages and some google daemon messages (informing me of the machine metadata, etc) – NlightNFotis Sep 30 '15 at 13:48
  • Sorry I can't comment yet but: ``` PermitRootLogin without-password ``` That line means: Make use of ssh key authentication only for root ``` RSAAuthentication no PubkeyAuthentication no ``` While those lines are the opposite of the first line. So which should the sshd give head to?? Good question, I haven't checked so can't comment, just noticed the contradiction. Also ``` PermitRootLogin without-password PermitRootLogin yes ``` These two lines should/are a bit opposing, as the one says all all methods of root logins, while the other says only allow root logins when it is presented with a ssh – Hvisage Oct 02 '15 at 18:25

1 Answers1

1

Ok, I managed to solve my problem, mainly thanks to the comment by @Hvisage.

My sshd_config was changed from (before --> after):

PermitRootLogin without-password --> yes
RSAAuthentication yes --> no
PubkeyAuthentication yes --> no
PasswordAuthentication no --> yes
NlightNFotis
  • 125
  • 1
  • 6
  • The only thing you needed to change was PasswordAuthentication and PermitRootLogin if you intend to login as root using a password. RSA and Pubkey auth could be left on, it doesn't hurt to leave them enabled. – André Borie Oct 06 '15 at 14:31