A short post today about a subtle change in ssh that must have happened over the years. Previously, when I wanted to check if SSH password authentication was disabled on a server, I would remove my public key from the authorized_hosts file on the server and then use a second terminal to establish another SSH session to the server. This would then either result in a reject or a password prompt. When I recently tried this with a server on which password authentication was not yet disabled, I got a reject instead of the password prompt. Hm…
So I had a look at whether it is possible to force password authentication on the client side. And indeed there is an option to do this:
ssh -o PreferredAuthentications=password HOST
‘Preferred’ in the option above seems to be a bit misleading, however. Even if the server has my public key, the connection is not established and instead rejected with ‘Permission denied (publickey)’.
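An added example, not from the original post: a non-interactive way to run the same check without removing the key on the server. It assumes the OpenSSH client, whose "Permission denied (...)" message lists the methods the server still accepts; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify the reply to an SSH probe that offers no credentials.
# Assumption: OpenSSH client wording, "Permission denied (method1,method2)."

# auth_methods MESSAGE -> prints the comma-separated method list, or nothing
auth_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | head -n 1
}

# password_possible MESSAGE
#   0 = a password-style method is offered, 1 = it is not, 2 = no method list
password_possible() {
    methods=$(auth_methods "$1")
    [ -n "$methods" ] || return 2
    old_ifs=$IFS; IFS=,
    for m in $methods; do
        case $m in
            # keyboard-interactive is commonly backed by PAM password prompts,
            # so it is counted as a password-style method here.
            password|keyboard-interactive) IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# probe HOST -> asks the server which methods it accepts, then classifies them.
# BatchMode=yes suppresses prompts; PreferredAuthentications=none offers nothing.
probe() {
    reply=$(ssh -o BatchMode=yes -o PreferredAuthentications=none \
                -o ConnectTimeout=5 "$1" true 2>&1) || true
    rc=0; password_possible "$reply" || rc=$?
    case $rc in
        0) echo "$1: password-style login offered ($(auth_methods "$reply"))" ;;
        1) echo "$1: no password login ($(auth_methods "$reply"))" ;;
        *) echo "$1: no method list in reply: $reply" ;;
    esac
    return "$rc"
}
```

Source the file and call `probe HOST`; a host whose key is not yet in known_hosts fails host key verification in batch mode and is reported as having no method list.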