7

Is there a way to list all available SSH authentication methods for the local host using command line? Basically, I want to see the same list which the server would announce when trying to connect from a (remote) client.

Note: I do not want to search through /etc/ssh/sshd_config, as this will require too much understanding of which authentication methods do in general exist (e.g. sshd_config may just be emtpy)

mstrap
  • 16,808
  • 10
  • 56
  • 86

3 Answers3

9

ssh -v server and look for the first "Authentications that can continue" line.

William Hay
  • 2,148
  • 16
  • 20
7

There is better way from here + modified by me for localhost case:

ssh -o PreferredAuthentications=none -o NoHostAuthenticationForLocalhost=yes localhost
Community
  • 1
  • 1
Maxim Kholyavkin
  • 4,463
  • 2
  • 37
  • 82
4

nmap can do this too using ssh-auth-methods:

nmap -p 22 --script ssh-auth-methods localhost

Example output:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-16 12:07 +07
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000087s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-auth-methods: 
|   Supported authentication methods: 
|     publickey
|_    password

Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds

What it does behind the scenes is in ssh-auth-methods.nse. Uses libssh2 to connect with a random username and lists out the possible authentication methods.

(It's possible to print out the effective sshd configuration options with sshd -T, this will show what options are in effect even if sshd_config is empty. For this use case running sshd -T | egrep 'permitrootlogin|authentication' would be useful.)

Paul Tobias
  • 1,962
  • 18
  • 18