Recently I got a question that read as follows:
ADVERTISEMENTS
How do I force user foo to change a password at the first time login using ssh?
As a sys admin you may need this kind of facility. There are many ways to achieve this.
You can set empty/null password and use passwd command to expire password. This will result into immediate password change for the first time.
For example you just need to type following two commands:
# usermod -p Ҡfoo
# chage -d 0 foo
You can also ignore first command if foo is already exists in system.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 6 comments... add one ↓
READ NEXT
Top 20 OpenSSH Server Best Security Practices
40 Linux Server Hardening Security Tips [2019 edition]
Linux / UNIX: Find Out If File Exists With Conditional Expressions in a Bash Shell
Linux 25 PHP Security Best Practices For Sys Admins
Linux Commands For Shared Library Management & Debugging Problem
30 Handy Bash Shell Aliases For Linux / Unix / MacOS
SSH Public Key Based Authentication on a Linux/Unix server
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Network Utilities | dig • host • ip • nmap |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
Hi, but if you are running a Debian based distro on your server it is necessary to add the ‘shadow’ file into your ‘/etc/’ directory if you want this to work. So, to do this execute the following command ‘pwconv’ from CLI and the ‘/etc/shadow’ file will be automatically created. After that execute the ‘chage -d 0 username’. And that it’s.
Cheers.
Here are a set of scripts that work with RHEL 5.2. as Bash scripts.
userlist.txt – Contains a set of UID’s to be created.
useradd.sh – creates the UID’s
pass.sh – Changes the password for the uids defined in userlist.txt
passch.sh – sets the UID password to expire (forces the user the change password @ logon)
Example:
userlist.txt:
bob
tom
chickmcgee
useradd.sh:
#!/bin/sh
for i in `more userlist.txt`
do
echo ${i}
adduser ${i
}
done
pass.sh:
#!/bin/sh
for i in `more /root/users/userlist.txt `
do
echo ${i}
echo ${i}”1234″ | passwd –stdin ${i}
echo; echo “User ${i}.s password changed!”
done
passch.sh:
#!/bin/sh
for i in `more userlist.txt `
do
echo $i
echo ${i} | chage -d 0 ${i}
echo; echo “User $i will be forced to change password on next login!”
done
The scripts should do a “cat” instead of the “more” … the more command will create a problem if there are more than page it will wait for a keypress.
Hi,
Thanks for the tips and script.
But, after executing the above commands to enforce the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in PUTTY screen when I login as the respective user.
Of course, this works when I directly login on my VM.
that does no longer work on debian 7!
Why my email always say it does not exist