Add a user without password but with SSH and public key
I want to add a user to Red Hat Linux that will not use a password for logging in, but instead use a public key for ssh. This would be on the command line.
useradd —password-disable and adduser —password disable. I’ve looked at the options for both and don’t see password disable as an option for either.
Do you know how to set up an ssh key login in general? I think the account just needs to not be locked, which would imply that there is some password active. It can be some long password that no one actually knows.
I have the key and know that I need to create the folder under user’s directory and paste public portion there. I can try that way, but thought that I needed to disable the user password too.
Rather than make another post showing you how to add a user, I agree with Lambert. You need to focus specifically on the part of this task you are having trouble with. If you don’t know how to even add a user, you should start small and work your way up. I believe you only need to create the user, don’t set any password, and put their key in /home/username/.ssh/authorized_keys.
4 Answers 4
Start with creating a user:
useradd -m -d /home/username -s /bin/bash username Create a key pair from the client which you will use to ssh from:
Copy the public key /home/username/.ssh/id_rsa.pub onto the RedHat host into /home/username/.ssh/authorized_keys
Set correct permissions on the files on the RedHat host:
chown -R username:username /home/username/.ssh chmod 700 /home/username/.ssh chmod 600 /home/username/.ssh/authorized_keys Ensure that Public Key authentication is enabled on the RedHat host:
grep PubkeyAuthentication /etc/ssh/sshd_config #should output: PubkeyAuthentication yes If not, change that directive to yes and restart the sshd service on the RedHat host.
From the client start an ssh connection:
It should automatically look for the key id_rsa in ~/.ssh/ . You can also specify an identity file using:
ssh -i ~/.ssh/id_rsa username@redhathost How to add a guest account without a password?
Sometimes I have friends in my house that want use my computer. How can they use a guest account without typing a password?
5 Answers 5
Method 1
user@ubuntu:~$ sudo adduser guest user@ubuntu:~$ sudo passwd -d guest This will add a user called «guest», then delete her password. You can log in from both the standard getty login prompt and graphical login managers like GDM. This works for me on Ubuntu 10.10.
However, apparently this doesn’t work for some people using Ubuntu. Thus:
Method 2
- Make a user.
- Open /etc/shadow: gksudo gedit /etc/shadow
- Find the line that starts with the user you just made. Notice the line has multiple fields separated by colons.
- Change the second field to: U6aMy0wojraho . In my case:
guest:$6$m4CpcgBw$i9XLGaUNToClOJ1X5Grug/COUjlkhoPv1:15048:0:99999:7.
guest:U6aMy0wojraho:15048:0:99999:7. The origin of this method is from the Ubuntu livecd. The default user (ubuntu) requires no login password. If you look at /etc/shadow on the livecd, U6aMy0wojraho is the encrypted form of the magic password used. I explain this to emphasize this is not a general linux solution, but something specifically Ubuntu.
There will be a guest account by default.Try clicking your username at the top-right corner and activate «Guest Session» under there. Also see the posts below,
Create a new user, without administration access, then click in: «No passwd at login». This may solve your problem, but you can log in, and at your name (at right up): Guest-session.
Here’s how I created Guest Account without password with tmpfs (RAM is used as disk space)
# Run these as root or prefix sudo useradd -c "Guest [click here]" guest ; # add a user named passwd guest ; # just give any password passwd -d guest ; # delete the password to make password less login UserID=$(id -u guest) ; # to set ownership of /home/guest directory GroupIP=$(id -g guest); # get the group id for home directory permission usermod -aG audio,plugdev,video,netdev,bluetooth guest ; # give device access (this is for debian) rm -rf /home/guest ; # in case there are files/directories mkdir -pv /home/guest ; # should mount if non empty but make sure it is empty echo "tmpfs /home/guest tmpfs rw,size=1024M,nosuid,uid=$UserID,gid=$GroupID 0 0" >> \ /etc/fstab mount /home/guest Now you can login with guest without password everytime and data is stored up to 1GB in RAM which will be deleted on system shutdown!
Create user with a blank password
How do I create a user with a blank password in Lubuntu? It seems that a password with a certain length is required when you create a new user. How do I avoid that?
3 Answers 3
Why would you want a user without a password? That’s just asking for trouble specially if this machine is on the Internet or a network. Why not setup a password for the user but have them auto-login. If you still want to have that done, then just press Ctrl + Alt + T on your keyboard to open Terminal. When it opens, run the command(s) below:
sudo useradd sudo passwd -d
To enable auto-login, create the user, type in a password, and check Don’t ask for password on login.
My children don’t need a password on our ‘shared’ computer. They don’t have administrator privileges. They just use it for games.
On Ubuntu Mate 20.4 this will still ask for the password when switching users because it locks the screen.
It is possible, but not as easy as you may think. Normally, a user without password can not login on a Linux system. So you have to set a password hash which maches an empty string.
Have a look at this discussion to learn how to do it. Short answer is to put U6aMy0wojraho for the hash of the blank password in /etc/passwd , like TheUsersName:U6aMy0wojraho: .
Create an user with empty password
sudo useradd test-user-0 echo test-user-0:U6aMy0wojraho | sudo chpasswd -e su test-user-0 The password prompt still shows unfortunately.
But if you just hit enter without typing anything, and it logins as the user test-user-0 .
The -e flags tells chpasswd that the password is already encrypted, and U6aMy0wojraho is the hash of the empty string.
BusyBox autologin
Creating a user without a password
Nothing is wrong, the authentication failed as expected. You won’t get a «there is no password, you can’t login» error message.
Either create it as root and set the correct permissions, or execute su git as root where you don’t have to provide a password.
I just wanted to point out that letting the git user have Bash as a shell is a bad idea, security wise. That would allow users of this repo to get a shell in your server. If you set the shell to /usr/bin/git-shell you can limit their account to using git and nothing else. (You should also limit SFTP access but that can only be done from /etc/sshd_config). Now, once you changed the shell, «su» won’t work as-is. You’ll have to do «su -s /bin/sh git» instead.
7 Answers 7
The —disabled-password option will not set a password, meaning no password is legal, but login is still possible (for example with SSH RSA keys).
To create an user without a password, use passwd -d $username after the user is created to make the password empty. Note not all systems allow users with empty password to log in.
You’ve created a user with a “disabled password”, meaning that there is no password that will let you log in as this user. This is different from creating a user that anyone can log in as without supplying a password, which is achieved by specifying an empty password and is very rarely useful.
In order to execute commands as such “system” users who don’t log in normally, you need to hop via the root account:
If you want certain users to be able to run commands as the git user without letting them run commands as root, set up sudo (run visudo as root and add a line like %gitters ALL = (git) ALL ).
Ubuntu 19.10 seems like does not have —disabled-password parameter, could there be any alternative solution
@alper Write the full path: sudo -u git cat /wherever/main.py . Or add a cd command: sudo -u git sh -c ‘cd /wherever && cat main.py’ . If you want to be sure that the other user doesn’t get access to the current directory even if the command doesn’t do what was intended, change directories outside: (cd /wherever && sudo -u git cat main.py)
@alper You didn’t use the commands I posted. You used one of many variants (too many for me to guess the exact one) that would result in this particular error. You need to invoke a shell for cd and && .
If you want to access the system under the git user you should use sudo:
Create an user with empty password
sudo useradd test-user-0 echo test-user-0:U6aMy0wojraho | sudo chpasswd -e su test-user-0 The password prompt still shows unfortunately.
But if you just hit enter without typing anything, and it logins as the user test-user-0 .
The -e flags tells chpasswd that the password is already encrypted, and U6aMy0wojraho is the hash of the empty string.
Terminal autologin with getty -a
On the terminal at least, you don’t need to create an user without a password to allow someone to not type their passwords every time.
So I believe that it should not be very hard to adapt that technique by modifying Ubuntu 18.04’s systemd init system scripts to setup a getty -a terminal as mentioned in that answer, although I haven’t tried to do it myself.