How to Enable SSH Password Authentication on AWS, GCP, and Others

While trying to login using your password, you may see "Permission denied (publickey,password)" or "Authentication failed, permission denied" errors in your Amazon EC2, Google Compute Engine, or in some other VPS. That may cause because these VPS providers disable password authentication by default on your server in order for better security.

Speaking of security, you may want to reconsider if you want to allow password authentication for SSH as that may cause reduced security for your server.

Enable SSH Password Authentication

Now, in order to login to your server with password, you will first need to enable SSH password authentication. And it is pretty easy to do that on your Linux based operating systems like Ubuntu.

Here is how you can enable SSH password authentication in your server.

STEP 1: Connect to your virtual server using an SSH client (e.g. Terminal on Mac or Ubuntu, or Git Bash on Windows). At this point, you will need your SSH authentication key that you received when setting up your server to login to your server. You can also use the cloud shell of your vps provider to get direct terminal access to your server if they provide you any.

STEP 2: In order to allow SSH password authentication, you will need to edit the /etc/ssh/sshd_config file. I will make use of the Nano editor to edit the file. So, to open the file in Nano editor, use the following command:

sudo nano /etc/ssh/sshd_config

Now, you will see the file open in the editor. There, scroll down using your arrow key and find the line containing PasswordAuthentication parameter and set its value from no to yes. Also, if that line starts with a #, make sure to remove it. Finally, the line will look like this:

PasswordAuthentication yes

STEP 3: If you also want to enable password authentication to SSH in as root, you will need to follow this step.

On that same file you edited in the last step, find another line containing PermitRootLogin parameter and set its value from prohibit-password to yes . Also, if that line starts with a #, make sure to remove it. Finally, the line will look like this:

PermitRootLogin yes

STEP 4: Now, you are done with editing. So, you can save the file and get out of the editor. Use the following keys to save your changes:

Ctrl + O

Then you will be prompted to edit the file name. There press the following key to keep the same name:

Enter

At this point, you have already saved your edits. So, you can close the editor using the following keys:

Ctrl + X

STEP 5: You have already made the changes necessary to enable password authentication for SSH. But for the changes to take effect, you will need to restart your SSH server. To do that, use the following command in your SSH terminal and press Enter:

sudo systemctl restart ssh

How to Login with Password

Congratulations! You have successfully enabled SSH password authentication. From now on, you can just type the following command on your SSH terminal and log in using your password:

ssh root@172.0.0.1

* Here, root is the username, and 172.0.0.1 is the IP address of your server. You may have a different username and IP address so make sure to replace those with your correct ones.

It will prompt you to enter your password. There type your password and press Enter. Even though the terminal won't show you any feedback when entering your password, it will work just fine underneath.

How to Change Password

You can now login to your server with password. But what is the password?

You may not know your password as you were using SSH keys to login to your server or you may forget your password. In any case, you can't just see the password from your server. These passwords are hashed and then stored on the server. This is a 1-way decode and so you can only enter a password and see if it matches but you can't view the actual password. So, now, the only way to know your password is to update it.

You can use the following command to change your password:

sudo passwd

It will prompt you to type your new password twice and then make that your password. This way you can just update your password and use that one to login to your server.

You can change the password of a specific username with this command by appending the username to this command as follows:

sudo passwd root

* Here root is the username. So if you want to change the password of a different user, you will need to replace it with the correct one.

Leave a Reply

Your email address will not be published. Required fields are marked *