6

I am the admin of an Ubuntu 20.04 server and I want to enable ssh login for a user through password, rather than using key pairs.

The /etc/ssh/ssh_config file on the host looks like this (<username> is replaced by its actual username):

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

Match User <username>
    PubkeyAuthentication no
    PreferredAuthentications password
    PasswordAuthentication yes

Still, when he tries to log in as:

ssh <username>@<host>

he receives an error:

Permission denied (publickey)

What am I doing wrong?

Pilot6
  • 92,041

4 Answers

12

I had set PasswordAuthentication yes on the server and restarted ssh.service, but it still did not offer password login. Not fancying typing over the public key into the Raspberry Pi's physical console, where I was trying to set up a regular Ubuntu Server 24.04, I ended up finding out that there is an extra config file which will override any change you made to the regular sshd_config:

$ cat /etc/ssh/sshd_config.d/50-cloud-init.conf
PasswordAuthentication no

Why they chose not to use the regular /etc/ssh/sshd_config for its defaults is unclear to me but changing this extra file to yes worked.

Update: Be sure to also check other files in that directory, e.g. on an Ubuntu 24.04 LTS server, the culprit was:
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf

Luc
  • 1,263
11

Note: You have to edit the ssh daemon config, not the ssh.config in the remote computer.

I assume the ssh-server is configured to use key-based authentication only and password-based authentication is turned off in the file /etc/ssh/sshd_config.

Create an additional config file:

Newer versions of openssh-server allow creation of /etc/ssh/sshd_config.d/*.conf files rather than editing the /etc/ssh/sshd_config file.

Create a new file /etc/ssh/sshd_config.d/10-password-login-for-special-user.conf:

sudo nano /etc/ssh/sshd_config.d/10-password-login-for-special-user.conf 

Add the following lines:

Match User <username>
    PasswordAuthentication yes

Replace <username> with the username of the special user.

Save the file using Ctrl+O followed by Enter. Then exit the editor by Ctrl+X.

Restart the ssh service by the following command:

sudo systemctl restart ssh.service

Now the special user will be able to log in remotely using a password, while all other users will continue to use key-based authentication.

Hope this helps

user68186
  • 37,461
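
The two answers above both turn on which file sshd reads first. As an added example (not code from either answer), this script reports which file supplies the global value of a keyword, relying on sshd keeping the first value it obtains and on the drop-in directory being included at the top of sshd_config. The function names, the sample tree and the user `alice` are constructed for illustration, and only settings that appear before any `Match` line are considered.

```shell
#!/bin/sh
# Added example: find the file that decides a global sshd keyword.
# sshd keeps the FIRST value it reads for each keyword. Ubuntu's sshd_config
# starts with "Include /etc/ssh/sshd_config.d/*.conf", so drop-ins are read
# first, in glob (lexical) order, and only then the rest of sshd_config.
# Simplification: lines after a "Match" line are conditional and are skipped;
# only "keyword value" lines are parsed, not "keyword=value".

first_global_setting() {   # usage: first_global_setting KEYWORD ETC_SSH_DIR
    keyword=$1 dir=$2
    for f in "$dir"/sshd_config.d/*.conf "$dir"/sshd_config; do
        [ -f "$f" ] || continue
        hit=$(awk -v k="$keyword" '
            tolower($1) == "match"    { exit }            # conditional part starts
            tolower($1) == tolower(k) { print $2; exit }  # first global value
        ' "$f")
        if [ -n "$hit" ]; then
            rel=${f#"$dir"/}
            echo "$rel: $hit"
            return 0
        fi
    done
    return 1
}

# Constructed sample tree mirroring the files named in the answers.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/sshd_config.d"
    printf 'Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication yes\n' \
        > "$t/sshd_config"
    printf 'PasswordAuthentication no\n' > "$t/sshd_config.d/50-cloud-init.conf"
    printf 'Match User alice\n    PasswordAuthentication yes\n' \
        > "$t/sshd_config.d/10-password-login-for-special-user.conf"
    echo "$t"
}

tree=$(make_sample_tree)
first_global_setting PasswordAuthentication "$tree"
# On a live server, point the function at /etc/ssh, then confirm the per-user
# result with sshd itself:
#   sudo sshd -T -C user=<username> | grep -i passwordauthentication
rm -rf "$tree"
```

The global value stays `no` for everyone else, while the `Match User` block in the 10- file grants the exception; `sshd -T -C` shows the combined result for one user.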
2

Answer by Luc worked for me. On my machine the filename started with 60-something. I made changes like this:

Match User my-user
    PasswordAuthentication yes
Match All
    PasswordAuthentication no

0

For a bit more added context: 3rd party platforms such as virtual private server or cloud providers include their own settings in the Linux images provided which override custom SSH changes.

To enable SSH password authentication these changes also need to be made:

in /etc/ssh/sshd_config edit:

#Include /etc/ssh/sshd_config.d/*.conf

in /etc/cloud/cloud.cfg edit:

disable_root: false
ssh_pwauth: true

in /etc/cloud/cloud.cfg.d/00_defaults edit:

ssh_pwauth: true

nu_nad
  • 1