8

I have a username and an SSH key for a (hypothetical) guy and I need to give him admin access to a Linux (Ubuntu) server.

I want him to be able to log in via SSH and then set his password by himself over a secure connection, instead of passing the password around.

I know how to make the password expire and force him to reset it on first login. But this doesn't work unless he has some password already, which I then have to tell him.

I thought about making the password blank - SSH wouldn't allow login, but then anyone can su into the user.

My question is, is there some best practice to creating accounts in such a way? Or setting a default password is unavoidable?

Leonid Shevtsov
  • 551
  • 1
  • 5
  • 8

3 Answers

7

You have his SSH public key? Put it in .ssh/authorized_keys in his home directory. Once you have done that (and the permissions are restrictive enough; SSH is fussy about that) he will be able to log in without needing a password at all... and he will never need one.

The best part is that his public key is not sensitive, so passing it around in emails or chat is fine, and his private key never leaves his computer.

Ladadadada
  • 26,337
  • 7
  • 59
  • 90
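The key installation the answer describes, as an added example that is not part of the answer: it writes the key into the user's authorized_keys with the ownership and modes sshd's StrictModes check accepts (home not group- or world-writable, .ssh mode 700, authorized_keys mode 600) and then verifies them. The key line, the user name and the paths are placeholders; `stat -c` is the GNU coreutils form found on Ubuntu, and the chown step is only attempted when the script runs as root.

```shell
#!/bin/sh
# Added example, not code from the answer above. Installs one SSH public key
# for a user and checks the permissions sshd is "fussy about".
# Assumptions: GNU stat (Ubuntu); OWNER/paths are placeholders supplied by
# the caller; chown only works when run as root.

# install_authorized_key HOME_DIR PUBKEY_LINE [OWNER]
install_authorized_key() {
    home="$1"; pubkey="$2"; owner="${3:-}"
    sshdir="$home/.ssh"
    keyfile="$sshdir/authorized_keys"

    # sshd (StrictModes yes, the default) rejects keys under a home directory
    # or .ssh directory that group or others can write to.
    chmod go-w "$home" || return 1
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1

    # Append rather than overwrite so existing keys survive; skip duplicates.
    touch "$keyfile" && chmod 600 "$keyfile" || return 1
    if ! grep -qxF -- "$pubkey" "$keyfile"; then
        printf '%s\n' "$pubkey" >> "$keyfile"
    fi

    # The files must belong to the user, not to the admin who created them.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:" "$sshdir" || return 1
    fi
    return 0
}

# check_key_perms HOME_DIR: 0 if the modes are ones sshd accepts, 1 otherwise
check_key_perms() {
    home="$1"
    [ "$(stat -c %a "$home/.ssh")" = "700" ] || return 1
    [ "$(stat -c %a "$home/.ssh/authorized_keys")" = "600" ] || return 1
    # Home directory: the group and other digits must not carry the write bit.
    case "$(stat -c %a "$home")" in
        *[2367]?|*?[2367]) return 1 ;;
    esac
    return 0
}

# Typical use on the server (placeholders: user "alice", key text not real):
#   install_authorized_key /home/alice "ssh-ed25519 AAAA...PLACEHOLDER alice@laptop" alice
#   check_key_perms /home/alice && echo "ok"
```

Because the account has no usable password, `su` into it from another account is not a concern; the only way in is the private key that stays on his machine.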
0

Simply put a text file with the password inside that user's home with rights 600. The user logs in with the key, changes the password and deletes the file. With a script with the suid bit set you can even create something like passwd < textfile without giving the user the right to read the file (rights would be 060 with group = root).

Erwin
  • 1
-2

Setting a default password is unavoidable. My procedure would be:

1) generate a secure, random password (different for each user). I use the password generator in OSX's account settings but you could use a website such as http://strongpasswordgenerator.com

2) Supply the password to them securely, e.g. in person or via http://www.privnote.com

3) force a reset on first login as you already know how to do

Oliver Kohll
  • 101
  • 2
  • **Never**, under **no** circumstances, use **any** kind of online password generator (or -checker for that matter). – Ansgar Wiechers Sep 02 '12 at 00:09
  • @AnsgarWiechers, can you support that statement with a good argument? – Zoredache Sep 02 '12 at 00:37
  • Too much involved that you're unable to control. Even if the code really is JavaScript running in the browser: do you peer-review the script every time before using it to make sure that it *still* doesn't send the password anywhere? – Ansgar Wiechers Sep 02 '12 at 01:07
  • Which is why you tell it to generate a few hundred passwords and choose one at random. – Grant Sep 02 '12 at 03:02
  • @Grant: Even if you pick one out of a few hundred passwords, an attacker would still be down to a few hundred guesses, which are *far* too easy to brute-force. There are enough options at hand to generate random passwords locally without any kind of web access involved. If you care about security at all: use one of those. – Ansgar Wiechers Sep 02 '12 at 11:10
  • @AnsgarWiechers they would also need to know the username, the system its on, and what the account is for before they could even try to brute force anything. – Grant Sep 02 '12 at 12:59
  • @Grant Always assume that the username is known to the attacker. The secret is the password and only the password. – Ansgar Wiechers Sep 02 '12 at 13:11
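The procedure in this answer with the comment thread's objection applied, as an added example that is not part of the answer or the comments: the initial password is generated locally from /dev/urandom rather than by a website, checked, set with chpasswd, and expired with `chage -d 0` so the first login forces a change. The user name is a placeholder and the set/expire step needs root, so it is kept in its own function and not invoked automatically.

```shell
#!/bin/sh
# Added example, not code from the answer above. Generates the one-time
# password locally (no web access), then sets and expires it.
# Assumptions: GNU coreutils and shadow-utils (chpasswd, chage) as on Ubuntu;
# the user name passed to set_initial_password is a placeholder.

# gen_password [LENGTH]: LENGTH characters from A-Za-z0-9 drawn from the
# kernel CSPRNG. 20 characters from a 62-symbol alphabet is about 119 bits,
# far beyond the "few hundred guesses" a web generator's output list offers.
gen_password() {
    len="${1:-20}"
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# password_ok PW MINLEN: 0 if PW is at least MINLEN chars and contains only
# characters from the alphabet above (no whitespace, nothing shell-special).
password_ok() {
    pw="$1"; minlen="$2"
    [ "${#pw}" -ge "$minlen" ] || return 1
    case "$pw" in *[!A-Za-z0-9]*) return 1 ;; esac
    return 0
}

# set_initial_password USERNAME PASSWORD (root only).
# chpasswd reads "user:password" on stdin, so the password never appears in
# a process list; chage -d 0 marks the password as last changed on day 0,
# which makes the next login demand a new one (the "force reset" step).
set_initial_password() {
    user="$1"; pw="$2"
    printf '%s:%s\n' "$user" "$pw" | chpasswd || return 1
    chage -d 0 "$user"
}

# Typical use, run as root, with the user name as a placeholder:
#   pw=$(gen_password 20)
#   set_initial_password alice "$pw" && printf 'initial password: %s\n' "$pw"
# Read the password to the user in person or over a channel you already
# trust; after first login it is gone.
```

The password is printed once, on the admin's terminal, and never written to a file or sent over the network by the script itself; how it reaches the user is still the hand-over step the answer describes.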