Ssh – How to make ssh fail rather than prompt for a password if the public-key authentication fails

authenticationpublic-keyssh

I've got a script that SSHes several servers using public key authentication. One of the servers has stopped letting the script log in due to a configuration issue, which means that the script gets stuck with a "Password:" prompt, which it obviously cannot answer, so it doesn't even try the rest of the servers in the list.

Is there a way to tell the ssh client not to prompt for a password if key authentication fails, but instead to just report an error connecting and let my script carry on?

Best Answer

For OpenSSH there is BatchMode, which in addition to disabling password prompting, should disable querying for passphrase(s) for keys.

BatchMode

If set to “yes”, passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no user is present to supply the password. The argument must be “yes” or “no”. The default is “no”.

Sample usage:

ssh -oBatchMode=yes -l <user> <host> <dostuff>

Related Solutions

Ssh – Is SSH logging capabilities equivalent to su logging for private/public key authentication

There are many levels of logging available through the sshd_config file. See the man page and look for LogLevel. The default level is INFO but it's trivially easy to bump it up to VERBOSE or even one of the DEBUG# levels.

Additionally, you should explore sudo as an alternative to su. A full discussion of the benefits of sudo would be a question of its own. But I can say that with sudo you can tailor how often you have to enter your password, which commands may be run, etc., all controllable through the sudoers config file.

Ssh – Create a public SSH key from the private key

Use the -y option to ssh-keygen:

ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

From the 'man ssh-keygen'

 -y      This option will read a private OpenSSH format file and print an
         OpenSSH public key to stdout.

Specify the private key with the -f option, yours might be dsa instead of rsa. The name of your private key probably contains which you used. The newly generated public key should be the same as the one you generated before.

Best Answer

Related Solutions

Ssh – Is SSH logging capabilities equivalent to su logging for private/public key authentication

Ssh – Create a public SSH key from the private key

Related Topic