Question

After enabling Public Key Authentication, I can still log in without from other machine

Hi, I just enabled public key authentication on my Ubuntu 15.10 x64 droplet - and indeed, next time I logged in from my machine (called “nas2”), I was prompted to enter the pass-phrase. I then proceeded to log in from another machine (my laptop) - same user, same Ubuntu server - and I could still log in from my laptop with simple user-password authentication - no private key available on that machine.

I assume that is not supposed to happen? That defeats the purpose of having that extra layer of authentication of it can be bypassed like that?

I followed the steps in this tutorial: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 - “Step Four — Add Public Key Authentication”

Subscribe
Share

Great, thanks for your help mate! Will try that!

You will want to generate a new key on your laptop, then send it to NAS2, and have that computer place it in the authorized_keys folder.

Thanks a lot! Now that leads to the next question: Now that I can only log in from this particular machine (nas2) which has the private key stored - how do I go about authenticating another device, such as my laptop? Can I simply copy the file with the private key from nas2 to the other device? Or would I have to create a new private + public key on the laptop, then proceed to add the new public key to the server - which I probably can’t do using ssh-copy-id because I can’t login with ssh before it is uploaded?

You’ve enabled public key auth, but that doesn’t automaticly disable password login. To do so you need to change PasswordAuthentication yes to PasswordAuthentication no.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

This question was answered by @telling:

You’ve enabled public key auth, but that doesn’t automaticly disable password login. To do so you need to change PasswordAuthentication yes to PasswordAuthentication no.

View the original comment