Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
ISIS hack on my server / droplet Question Question
Game Server DDoS Attack?? Question Question

Question

After enabling Public Key Authentication, I can still log in without from other machine

Posted November 2, 2015 3.9k views
Security

Hi, I just enabled public key authentication on my Ubuntu 15.10 x64 droplet - and indeed, next time I logged in from my machine (called “nas2”), I was prompted to enter the pass-phrase. I then proceeded to log in from another machine (my laptop) - same user, same Ubuntu server - and I could still log in from my laptop with simple user-password authentication - no private key available on that machine.

I assume that is not supposed to happen? That defeats the purpose of having that extra layer of authentication of it can be bypassed like that?

I followed the steps in this tutorial:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 - “Step Four — Add Public Key Authentication”

Add a comment
By:
ellvtr

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
ISIS hack on my server / droplet Question Question
Game Server DDoS Attack?? Question Question
Add a comment
4 comments
  • telling November 2, 2015
    Reply Report

    You’ve enabled public key auth, but that doesn’t automaticly disable password login. To do so you need to change PasswordAuthentication yes to PasswordAuthentication no.

  • ellvtr November 2, 2015
    Reply Report

    Thanks a lot! Now that leads to the next question: Now that I can only log in from this particular machine (nas2) which has the private key stored - how do I go about authenticating another device, such as my laptop? Can I simply copy the file with the private key from nas2 to the other device? Or would I have to create a new private + public key on the laptop, then proceed to add the new public key to the server - which I probably can’t do using ssh-copy-id because I can’t login with ssh before it is uploaded?

  • BrookDO November 3, 2015
    Reply Report

    You will want to generate a new key on your laptop, then send it to NAS2, and have that computer place it in the authorized_keys folder.

  • ellvtr November 3, 2015
    Reply Report

    Great, thanks for your help mate! Will try that!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
asb June 10, 2016

This question was answered by @telling:

You’ve enabled public key auth, but that doesn’t automaticly disable password login. To do so you need to change PasswordAuthentication yes to PasswordAuthentication no.

View the original comment

Reply Report

Related

Looking for something else?

Ask a new question Search for more help