Recently I got a question that read as follows:
How do I force user foo to change a password at first login using ssh?
As a sysadmin you may need this kind of facility. There are many ways to achieve this.
You can set an empty/null password and use the passwd command to expire the password. This results in an immediate password change at the first login.
For example, you just need to type the following two commands:
# usermod -p "" foo
# chage -d 0 foo
You can also skip the first command if foo already exists on the system.
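An audit check for the two account states these commands leave behind, as an added example that is not part of the original post: it reads shadow(5)-format lines and reports which accounts have an empty password field and which have a forced change pending. The function names `audit_shadow`, `empty_password_users` and `sample_shadow`, and all sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.
# shadow(5) fields used: $1 login, $2 password hash, $3 last change (days since epoch).
#   empty $2  -> account has no password (state left by: usermod -p "" foo)
#   $3 == 0   -> password change forced at next login (state left by: chage -d 0 foo)

# Read shadow-format lines on stdin, print "user<TAB>password_state<TAB>change_state".
audit_shadow() {
    awk -F: '
        $0 == "" { next }
        {
            if ($2 == "")            pw = "EMPTY_PASSWORD"
            else if ($2 ~ /^[!*]/)   pw = "locked"
            else                     pw = "password_set"

            if ($3 == "0")           chg = "change_forced"
            else if ($3 == "")       chg = "aging_disabled"
            else                     chg = "no_forced_change"

            printf "%s\t%s\t%s\n", $1, pw, chg
        }'
}

# Print only the logins that currently have an empty password field.
empty_password_users() {
    audit_shadow | awk -F'\t' '$2 == "EMPTY_PASSWORD" { print $1 }'
}

# Constructed sample input (hashes are placeholders, not real crypt output).
sample_shadow() {
    cat <<'EOF'
foo::0:0:99999:7:::
bob:$6$constructedsalt$constructedhash:0:0:99999:7:::
tom:$6$constructedsalt$constructedhash:19800:0:99999:7:::
svc:!:19800:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a live host, run `audit_shadow < /etc/shadow` as root; any login reported by `empty_password_users` has no password until its owner completes the first login.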

{ 4 comments… read them below or add one }
Hi, but if you are running a Debian based distro on your server it is necessary to add the ‘shadow’ file into your ‘/etc/’ directory if you want this to work. So, to do this execute the following command ‘pwconv’ from CLI and the ‘/etc/shadow’ file will be automatically created. After that execute the ‘chage -d 0 username’. And that’s it.
Cheers.
Here are a set of scripts that work with RHEL 5.2. as Bash scripts.
userlist.txt – Contains a set of UID’s to be created.
useradd.sh – creates the UID’s
pass.sh – Changes the password for the uids defined in userlist.txt
passch.sh – sets the UID password to expire (forces the user to change password @ logon)
Example:
userlist.txt:
bob
tom
chickmcgee
useradd.sh:
#!/bin/sh
# Create one account for each name listed in userlist.txt
for i in `more userlist.txt`
do
    echo ${i}
    adduser ${i}
done
pass.sh:
#!/bin/sh
# Set each user's initial password to <username>1234, fed to passwd on stdin
for i in `more /root/users/userlist.txt`
do
    echo ${i}
    echo "${i}1234" | passwd --stdin ${i}
    echo; echo "User ${i}'s password changed!"
done
passch.sh:
#!/bin/sh
# Expire each user's password so it must be changed at the next login
for i in `more userlist.txt`
do
    echo $i
    echo ${i} | chage -d 0 ${i}
    echo; echo "User $i will be forced to change password on next login!"
done
The scripts should do a “cat” instead of the “more” … the more command will create a problem: if there is more than a page, it will wait for a keypress.
Hi,
Thanks for the tips and script.
But, after executing the above commands to enforce the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in PUTTY screen when I login as the respective user.
Of course, this works when I directly login on my VM.