ssh, strict hostkey checking and password login
by berndbausch from LinuxQuestions.org on (#53740)
When I set StrictHostKeyChecking, and the server's host keys have changed, I am not permitted to use password authentication.
Is this documented somewhere? I did an internet search and checked the ssh_config man page, but didn't find anything.
Below I am ssh'ing from Centos 8 to Debian 10. When going the other way, the outcome and the last 20 lines or so are the same, though the messages are the beginning are different.
The highlighted files (blue) don't seem to contain anything relevant:
Code:$ ssh -vvv -o stricthostkeychecking=no debian10
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host debian10 originally debian10
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
...
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/student/.ssh/id_rsa
debug3: no such identity: /home/student/.ssh/id_rsa: No such file or directory
... more private keys checked ...
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
student@debian10: Permission denied (publickey,password).
Is this documented somewhere? I did an internet search and checked the ssh_config man page, but didn't find anything.
Below I am ssh'ing from Centos 8 to Debian 10. When going the other way, the outcome and the last 20 lines or so are the same, though the messages are the beginning are different.
The highlighted files (blue) don't seem to contain anything relevant:
Code:$ ssh -vvv -o stricthostkeychecking=no debian10
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host debian10 originally debian10
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
...
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/student/.ssh/id_rsa
debug3: no such identity: /home/student/.ssh/id_rsa: No such file or directory
... more private keys checked ...
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
student@debian10: Permission denied (publickey,password).