0

Is it possible to allow the user to use Public Key and Password to authenticate to their ssh account (Have both options enabled rather just one or the other)?

If it possible, how to do so?

asked Dec 24, 2018 at 19:42
5
  • 1
    Yes - in fact this is the default unless you change it. Commented Dec 24, 2018 at 21:12
  • @Milliways thanks so I can use both Password and Public Key for authentication? Commented Dec 24, 2018 at 22:07
  • 1
    yes - in fact that's what the yes in his comment means Commented Dec 24, 2018 at 22:22
  • @JaromandaX Also how do I do it? (i.e. which sshd config would I need to modify) Commented Dec 24, 2018 at 22:38
  • 2
    don't change any config ... just add authorized_keys ... as milliways explained this is the default unless you change it Commented Dec 24, 2018 at 23:22

2 Answers 2

1

As already stated in the comments password and public key authentication are enabled by default. If you enable ssh and know the name resp. ip address of the RasPi you can just connect to it with user pi and password raspberry. You can also use public key authentication out of the box. Just install public and private keys as described for ssh. You can find an example at Unable to SSH after securing Pi.

answered Dec 25, 2018 at 20:26
1

While out of the box the Pi is using passwords, and public keys in the sense of host keys, I think what he is asking is if you can continue to use password authentication AFTER you setup user public key authentication.

Once you do so, then there is no need for the less secure password authentication, and the whole point of setting that up is to not need to stop and enter a password, which can be brute force attacked to begin with.

So, there is no need to do such a thing.

Check out "SSH Mastery" by Michael W. Lucas for more detail.

answered Jan 6, 2019 at 17:20
3
  • The need is a rather subjective thing to start with. There are situations conceivable where a user wants to set up public key authentication for convenience only and not security (as in, simplified log in process, typing no password); but still keeping password auth. to log in from another machine w/o the keyfile. Not judging whether this is a wise thing to do or not, just saying there might be a need. Commented Jan 6, 2019 at 17:36
  • Given that password protection is an inferior level of protection, it would completely nonsensical, and thus by definition would not be "needed". Logic. :) Commented Jan 8, 2019 at 2:34
  • Old but I thought I would comment on the debate of having both. Using some tools, and several computers, I don't know how to make SSH work, so a failed back to the id/password, only to find its no longer active. Do have to pass around my private key to enable other computers to login? The most secure application is non-functional. Commented Jul 31, 2023 at 0:16

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.