1

Mission: Let's say my remote server's firewall is configured to allow only my specific home IP to connect to port 22 and because of this I am not worried about security for this test. And maybe I also plan on using a very complex username such as "user_name_82391274829"

Is it possible for me to SSH to my server like this?

    ssh user_name_82391274829@server
    server:/#

In other words, it simply logs in,
without a password and without an ssh-key.

Note:
It should also work with SCP

11
  • 3
    Out of curiosity why would you not just use a key without a passphrase?
    – davidgo
    Commented Oct 4, 2019 at 5:40
  • 2
    Note: SSH communication is encrypted. Sorry, I guess you have telnet and netcat left. :D Commented Oct 4, 2019 at 6:03
  • 3
    Thank you for your response. Apologies, but if security is important to you, you need to overcome your thinking. There is no good reason to have objectively bad security because you don't fully understand an aspect of encryption. It's difficult to point you in a clear direction without knowing exactly where your mental block is. Are you struggling with the concept of public/private key technology or something else?
    – davidgo
    Commented Oct 4, 2019 at 6:06
  • 2
    SSH is maintained to provide security even for users who don't understand what's under the hood. There's a consensus if you're not an expert in cryptography, the best you can do is to trust solutions provided by experts. Any custom solution will most likely be less secure. But you're not even trying to build some custom security; you're deliberately lowering the security. If you "don't want anyone to log-in and delete or edit your files" you should properly use SSH with all benefits it gives you. Commented Oct 4, 2019 at 6:13
  • 2
    Here is the thing - we all use technology we only vaguely understand all the time - every day. You must have communicated your post from a computer/cellphone. There is no way anyone understands all the aspects of even how the CPU works, let alone the intricacies of the transmission mechanisms. In fact by using SSH at all you are using things you don't understand. Similarly for your OS/kernel. You almost certainly don't farm all your own food (it's very hard), let alone make the tools from raw materials. You can't live off just sunlight and water. Not even plants can. (They need CO2 etc.)
    – davidgo
    Commented Oct 4, 2019 at 7:58

2 Answers

4

The other answer has many valid points. Read it because I won't repeat them. My answer is a practical guide.

  1. Set an empty password on the server (I assume user_name_82391274829 exists in the system; chpasswd needs root access):

    printf '%s\n' 'user_name_82391274829:U6aMy0wojraho' | chpasswd -e
    

    Note this is different from no password at all. After I set no password at all (passwd -d user_name_82391274829) the solution did not work, so stick to the above line with chpasswd -e.

  2. Proper values in sshd_config on the server:

    PasswordAuthentication yes
    PermitEmptyPasswords yes
    

    Invoke systemctl reload ssh.service or equivalent command to reload sshd.

Tested on Debian 9.

5
  • It is a DES hash of the empty password. It could be a different kind of hash (e.g. sha1crypt or md5crypt), but it still needs to be a valid password hash. Commented Oct 4, 2019 at 5:55
  • Although, would it work if the password field were completely empty (no hash at all)? Commented Oct 4, 2019 at 5:56
  • @grawity After passwd -d user_name_82391274829 it did not work for me. Commented Oct 4, 2019 at 5:56
  • The comment in this answer superuser.com/a/384284/368397 says deleted password should also work with "add ssh to /etc/securetty" Commented Jan 30, 2020 at 12:37
  • You may also need to convince PAM to go along with this. On NixOS I had to security.pam.services.sshd.allowNullPassword = true; to make this work (in addition to the stuff above). Commented May 18, 2022 at 21:02
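
A defender-side check for the configuration this answer describes, as an added example that is not part of the original answer: it reads an sshd_config and a shadow-format file and lists the accounts that would be admitted with an empty password. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; sample files are constructed.

# Effective value of a global sshd_config keyword. sshd keeps the first value
# it reads per keyword and keywords are case-insensitive. Include files and
# Match blocks are not evaluated here; on a live host prefer `sshd -T`.
sshd_option() {  # $1=config file  $2=keyword  $3=compiled-in default
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Accounts whose shadow password field is the empty-password DES hash quoted
# in the answer, or empty (passwd -d; the comments report it can work with
# extra settings). Other hashes of the empty string need a crypt(3)
# comparison, which is not done here.
empty_password_accounts() {  # $1=shadow-format file
    awk -F: '$2 == "" || $2 == "U6aMy0wojraho" { print $1 }' "$1"
}

# Accounts sshd would admit without any credential: both options must be yes.
audit() {  # $1=sshd_config  $2=shadow-format file
    pa=$(sshd_option "$1" PasswordAuthentication yes)
    pe=$(sshd_option "$1" PermitEmptyPasswords no)
    if [ "$pa" = yes ] && [ "$pe" = yes ]; then
        empty_password_accounts "$2"
    fi
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
#PermitEmptyPasswords no
PasswordAuthentication yes
permitemptypasswords yes
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication no
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:18173:0:99999:7:::
user_name_82391274829:U6aMy0wojraho:18173:0:99999:7:::
deleted_pw::18173:0:99999:7:::
locked:!:18173:0:99999:7:::
EOF
audit "$tmp/sshd_config" "$tmp/shadow"
```

The later `PermitEmptyPasswords no` line in the sample does not help, because the first value read for a keyword is the one sshd uses.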
2

Is it possible for me to SSH to my server like this [...] it simply logs in, without a password and without an ssh-key.

Yes, it's possible with OpenSSH at least, by disabling the requirement that passwords be non-empty in the server's sshd_config file.

It should also work with SCP

SCP does not have its own authentication, it literally just calls ssh for the remote connection.

my remote server's firewall is configured to allow only my specific home IP to connect to port 22 and because of this I am not worried about security for this test.

That's not a very good excuse – IP address is one of the weakest forms of authentication there is. For one, the server doesn't know whether the connection is made by your actual PC, or by an infected device on your home network, or by your guest/neighbour who is on your home Wi-Fi.

Linux firewalls are also more likely to fail open: if there's a syntax error in the ruleset, for example, it might revert back to allowing everything from everywhere on reboot. (Whereas if you make a mistake in authorized_keys it still doesn't allow anyone except valid key entries.)

And maybe I also plan on using a very complex username such as "user_name_82391274829"

You just invented a password.

4
  • I un-commented these two options in the sshd_config file and changed their values. PasswordAuthentication no .. PermitEmptyPasswords yes then I restarted the ssh server, this is the error I receive as I try to connect via ssh : ssh: Connection to root@test:22 exited: No auth methods could be used. Commented Oct 4, 2019 at 5:17
  • Hmm I think you need to keep password authentication enabled, even if it doesn't end up being used... And, obviously, make sure the account's password is indeed empty. Commented Oct 4, 2019 at 5:30
  • If I enable it, wouldn't it result in the password prompt showing up as I log-in via ssh? I currently do not know how to set my password to empty because Linux will not allow it, however even if I made my password empty... wouldn't there still be a password prompt which will be asking for an empty password? Commented Oct 4, 2019 at 5:39
  • No, OpenSSH detects this situation and doesn't require auth in the first place. Commented Oct 4, 2019 at 5:58
