Recently I got a question that read as follows:
How do I force user foo to change a password at the first time login using ssh?
As a sys admin you may need this kind of facility. There are many ways to achieve this.
You can set empty/null password and use passwd command to expire password. This will result into immediate password change for the first time.
For example you just need to type following two commands:
# usermod -p Ҡfoo
# chage -d 0 foo
You can also ignore first command if foo is already exists in system.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.
🐧 6 comments so far... add one ↓
🐧 6 comments so far... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Why my email always say it does not exist
that does no longer work on debian 7!
Hi,
Thanks for the tips and script.
But, after executing the above commands to enforce the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in PUTTY screen when I login as the respective user.
Of course, this works when I directly login on my VM.
The scripts should do a “cat” instead of the “more” … the more command will create a problem if there are more than page it will wait for a keypress.
Here are a set of scripts that work with RHEL 5.2. as Bash scripts.
userlist.txt – Contains a set of UID’s to be created.
useradd.sh – creates the UID’s
pass.sh – Changes the password for the uids defined in userlist.txt
passch.sh – sets the UID password to expire (forces the user the change password @ logon)
Example:
userlist.txt:
bob
tom
chickmcgee
useradd.sh:
#!/bin/sh
for i in `more userlist.txt`
do
echo ${i}
adduser ${i
}
done
pass.sh:
#!/bin/sh
for i in `more /root/users/userlist.txt `
do
echo ${i}
echo ${i}”1234″ | passwd –stdin ${i}
echo; echo “User ${i}.s password changed!”
done
passch.sh:
#!/bin/sh
for i in `more userlist.txt `
do
echo $i
echo ${i} | chage -d 0 ${i}
echo; echo “User $i will be forced to change password on next login!”
done
Hi, but if you are running a Debian based distro on your server it is necessary to add the ‘shadow’ file into your ‘/etc/’ directory if you want this to work. So, to do this execute the following command ‘pwconv’ from CLI and the ‘/etc/shadow’ file will be automatically created. After that execute the ‘chage -d 0 username’. And that it’s.
Cheers.