Question
After enabling Public Key Authentication, I can still log in without from other machine
Hi, I just enabled public key authentication on my Ubuntu 15.10 x64 droplet - and indeed, next time I logged in from my machine (called “nas2”), I was prompted to enter the pass-phrase. I then proceeded to log in from another machine (my laptop) - same user, same Ubuntu server - and I could still log in from my laptop with simple user-password authentication - no private key available on that machine.
I assume that is not supposed to happen? That defeats the purpose of having that extra layer of authentication if it can be bypassed like that?
I followed the steps in this tutorial:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 - “Step Four — Add Public Key Authentication”
You’ve enabled public key auth, but that doesn’t automatically disable password login. To do so you need to change PasswordAuthentication yes to PasswordAuthentication no.
Thanks a lot! Now that leads to the next question: Now that I can only log in from this particular machine (nas2) which has the private key stored - how do I go about authenticating another device, such as my laptop? Can I simply copy the file with the private key from nas2 to the other device? Or would I have to create a new private + public key on the laptop, then proceed to add the new public key to the server - which I probably can’t do using ssh-copy-id because I can’t login with ssh before it is uploaded?
You will want to generate a new key on your laptop, then send it to NAS2, and have that computer place it in the authorized_keys folder.
Great, thanks for your help mate! Will try that!
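A check for the PasswordAuthentication setting discussed in the first answer, as an added example that is not part of the original thread: it reports which value applies in the global section of an sshd_config file, since sshd uses the first value it reads for a keyword and defaults to yes when none is set. The function name and the sample configs are constructed for illustration, and the helper assumes no Include directives and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example (hypothetical helper name): print the PasswordAuthentication
# value that applies in the global section of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the default is "yes" when the keyword is absent.
# Assumption: no Include directives; Match blocks are not evaluated.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)      # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            val = tolower(f[2])
            gsub(/"/, "", val)             # value may be quoted
            if (key == "match") exit       # global section ends at first Match
            if (key == "passwordauthentication") { print val; found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Constructed sample configs, written to a temporary directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/shadowed"     # later "no" is ignored
printf '%s\n' '# hardened' 'passwordauthentication no' > "$tmp/hardened"
printf '%s\n' '#PasswordAuthentication no' > "$tmp/commented"  # still default

for f in shadowed hardened commented; do
    printf '%-10s PasswordAuthentication=%s\n' "$f" \
        "$(effective_password_auth "$tmp/$f")"
done
```

On the server itself, `sshd -T` run as root prints the effective configuration, and sshd has to be restarted or reloaded before an edited value takes effect.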