Linux – How to create a Linux user without a password but being able to set it

authenticationdebianlinuxsshUbuntu

I have a username and an SSH key for a (hypothetical) guy and I need to give him admin access to a Linux (Ubuntu) server.

I want him to be able to log in via SSH and then set his password by himself over a secure connection, instead of passing the password around.

I know how to make the password expire and force him to reset it on first login. But this doesn't work unless he has some password already, which I then have to tell him.

I thought about making the password blank – SSH wouldn't allow login, but then anyone can su into the user.

My question is, is there some best practice to creating accounts in such a way? Or setting a default password is unavoidable?

Best Answer

You have his SSH public key? Put it in .ssh/authorized_keys in his home directory. Once you have done that (and the permissions are restrictive enough - SSH is fussy about that.) he will be able to log in without needing a password at all... and he will never need one.

The best part is that his public key is not sensitive, so passing it around in emails or chat is fine, and his private key never leaves his computer.

Best Answer

Related Solutions

Linux – PuTTY Session Closed on Expired Password Over SSH Connection

Linux – How to determine if the Linux box has been infiltrated

Related Topic