Password based authentication for Bluvalt Linux Servers

Use case

The cloud images bundled by various Linux distributions have password authentication disabled by default for security reasons. The only possible way to login to an instance launched using one of these images is by specifying a security key during boot and using the key to ssh. Often you would want to enable password authentication like say to login through VNC console for debugging. This post will take you through the steps involved for enabling password authentication.

login using the pem key
ssh -i key_pair-name.pem user@floatingip

Create and attach a key-pair before you launch any instance.

On an OpenStack setup you can create key-pairs under: Project-> Compute-> Key Pairs.

As soon as you create one you would be prompted to download and save it to your disk. Later you can use the key-pair-name.pem file to ssh into your instance. Depending on the distribution of your image you have a default user to login as. For example on an Ubuntu image the default user is ubuntu. For Centos, the default user is centos. You can replace the floatingip with the FloatingIP address of your instance.

Elevate your privileges
sudo su -
Create a new user
useradd -G sudo -U -m username

Replace username with the name of your choice. The above command adds the newly created user to the ‘sudo’ group. This is necessary because in most cloud images all members of ‘sudo’ group have password-less ‘sudo’ access. Without this you might not be able to elevate your privileges after login. On certain systems that do not have ‘sudo’ group ‘admin’ group will have ‘sudo’ access and you can replace ‘sudo’ with ‘admin’ in the above command.

Set the password for the new user
passwd username

Enter the new password for the user and confirm the same.

Open /etc/ssh/sshd_config and set the following parameters:

vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
PasswordAuthentication yes

Additionally if you want to enable root login you can set the below param too:

PermitRootLogin yes

Exit and save the file.

Then set a password for root user too:

passwd root

And enter the new password for root user and confirm the same.

Restart SSH Service

For Ubuntu Servers:

service ssh restart

For Centos Servers:

service sshd restart