How to set or force a user to change a password at first login under Linux

Recently I got a question that read as follows:

How do I force user foo to change a password at the first time login using ssh?

As a sys admin you may need this kind of facility. There are many ways to achieve this.

You can set an empty/null password and use the passwd command to expire the password. This forces an immediate password change at first login.

For example, you just need to type the following two commands:
# usermod -p "" foo
# chage -d 0 foo

You can also skip the first command if foo already exists on the system.
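
A way to check what these two commands left behind, as an added example that is not part of the original article: `chage -d 0` sets the third (last-change) field of the user's /etc/shadow entry to 0, and `usermod -p ""` leaves the second (password) field empty, which lets anyone authenticate as that user without a password until it is changed. The function names and the sample entries below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify accounts from shadow(5)-format lines read on stdin.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# Real use (as root): audit_shadow < /etc/shadow
audit_shadow() {
    awk -F: '
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        NF < 3 { printf "%s malformed\n", $1; next }
        {
            pw = $2; lastchg = $3
            # Password field: empty = no password needed, leading ! or * = locked
            if (pw == "")             cred = "EMPTY_PASSWORD"
            else if (pw ~ /^[!*]/)    cred = "locked"
            else                      cred = "hashed"
            # Last-change field: 0 = must change at next login, empty = aging off
            if (lastchg == "0")       age = "change_forced"
            else if (lastchg == "")   age = "aging_disabled"
            else                      age = "no_forced_change"
            printf "%s %s %s\n", $1, cred, age
        }'
}

# Names of accounts that currently accept a login with no password at all.
passwordless() {
    audit_shadow | awk '$2 == "EMPTY_PASSWORD" { print $1 }'
}

# Constructed sample entries (not real hashes):
#   foo    = state after both commands from the article
#   bar    = existing password kept, only "chage -d 0" applied
#   legacy = empty password and no forced change
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
foo::0:0:99999:7:::
bar:$6$constructedsalt$constructedhash:0:0:99999:7:::
daemon:*:18000:0:99999:7:::
legacy:::0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

An account reported as `hashed change_forced` (like `bar`) gets the forced change at next login without ever being passwordless.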

6 comments
  • portia Feb 2, 2016 @ 11:28

    Why does my email always say it does not exist?

  • flo Dec 11, 2014 @ 9:55

    That no longer works on Debian 7!

  • Prabhu Thiyagarajan Aug 30, 2012 @ 1:31

    Hi,

    Thanks for the tips and script.
    But, after executing the above commands to force the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in the PuTTY screen when I log in as the respective user.

    Of course, this works when I directly login on my VM.

  • Russell Cook Apr 19, 2012 @ 10:25

    The scripts should do a "cat" instead of the "more" … the more command will create a problem: if there is more than a page, it will wait for a keypress.

  • Bob Clampett Aug 22, 2008 @ 14:48

    Here are a set of scripts that work with RHEL 5.2. as Bash scripts.

    userlist.txt – Contains a set of UID’s to be created.

    useradd.sh – creates the UID’s

    pass.sh – Changes the password for the uids defined in userlist.txt

    passch.sh – sets the UID password to expire (forces the user to change password @ logon)

    Example:
    userlist.txt:
    bob
    tom
    chickmcgee

    useradd.sh:
    #!/bin/sh
    # Create an account for each name listed in userlist.txt
    for i in `more userlist.txt`
    do
        echo ${i}
        adduser ${i}
    done

    pass.sh:
    #!/bin/sh
    # Set each listed user's initial password to <username>1234
    for i in `more /root/users/userlist.txt`
    do
        echo ${i}
        echo ${i}"1234" | passwd --stdin ${i}
        echo; echo "User ${i}.s password changed!"
    done

    passch.sh:
    #!/bin/sh
    # Expire each listed user's password so it must be changed at next login
    for i in `more userlist.txt`
    do
        echo $i
        echo ${i} | chage -d 0 ${i}
        echo; echo "User $i will be forced to change password on next login!"
    done

  • Dragan Mar 11, 2008 @ 21:36

    Hi, but if you are running a Debian-based distro on your server, it is necessary to add the 'shadow' file into your '/etc/' directory if you want this to work. So, to do this, execute the following command 'pwconv' from the CLI and the '/etc/shadow' file will be automatically created. After that, execute 'chage -d 0 username'. And that's it.

    Cheers.
