How to set up SSH so I don’t have to type a password, and without using a public key

sshunix

I know there are dozens of questions here about how to connect to an SSH server without typing your password every time, and the answer is always "use a public key." Well, I find myself in the rare circumstance where that is really not an option. For some inexplicable reason, the OpenSSH daemon on the server I'm trying to connect to is configured with

RSAAuthentication no
PubkeyAuthentication no

in /etc/ssh/sshd_config. I don't have any administrative access on the server so I can't change these or any other server configuration options. (I do, of course, have full control over the client configuration: OpenSSH 5.8 on Linux.)

What are my options, and in particular, what is the safest option, to avoid having to type my password every time I want to SSH into this server? I keep my own computers fairly well secured, so let's assume the security risks of storing the password in a file on the client are acceptably low, if that is indeed necessary.

The other authentication methods the server can accept are evidently GSS API (which I know nothing about), keyboard interactive (which I also know nothing about), and password. Here are some relevant configuration options:

#ChallengeResponseAuthentication yes

#KerberosAuthentication no

GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

#UsePAM no

and here is a debug (-vv) trace:

debug1: Authentications that can continue: gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure.  Minor code may provide more information

debug1: Unspecified GSS failure.  Minor code may provide more information

debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: gssapi-with-mic,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password

Best Answer

In this case, writing (or better recording) an expect script would be one of your options.

Each system is different so there won't be a script, but with autoexpect it is very easy to record a script for this purpose.

Related Question