Add a user without password but with SSH and public key
I want to add a user to Red Hat Linux that will not use a password for logging in, but instead use a public key for ssh. This would be on the command line.
useradd —password-disable and adduser —password disable. I’ve looked at the options for both and don’t see password disable as an option for either.
Do you know how to set up an ssh key login in general? I think the account just needs to not be locked, which would imply that there is some password active. It can be some long password that no one actually knows.
I have the key and know that I need to create the folder under user’s directory and paste public portion there. I can try that way, but thought that I needed to disable the user password too.
Rather than make another post showing you how to add a user, I agree with Lambert. You need to focus specifically on the part of this task you are having trouble with. If you don’t know how to even add a user, you should start small and work your way up. I believe you only need to create the user, don’t set any password, and put their key in /home/username/.ssh/authorized_keys.
4 Answers 4
Start with creating a user:
useradd -m -d /home/username -s /bin/bash username
Create a key pair from the client which you will use to ssh from:
Copy the public key /home/username/.ssh/id_rsa.pub onto the RedHat host into /home/username/.ssh/authorized_keys
Set correct permissions on the files on the RedHat host:
chown -R username:username /home/username/.ssh chmod 700 /home/username/.ssh chmod 600 /home/username/.ssh/authorized_keys
Ensure that Public Key authentication is enabled on the RedHat host:
grep PubkeyAuthentication /etc/ssh/sshd_config #should output: PubkeyAuthentication yes
If not, change that directive to yes and restart the sshd service on the RedHat host.
From the client start an ssh connection:
It should automatically look for the key id_rsa in ~/.ssh/ . You can also specify an identity file using:
ssh -i ~/.ssh/id_rsa username@redhathost
Create user with a blank password
How do I create a user with a blank password in Lubuntu? It seems that a password with a certain length is required when you create a new user. How do I avoid that?
3 Answers 3
Why would you want a user without a password? That’s just asking for trouble specially if this machine is on the Internet or a network. Why not setup a password for the user but have them auto-login. If you still want to have that done, then just press Ctrl + Alt + T on your keyboard to open Terminal. When it opens, run the command(s) below:
sudo useradd sudo passwd -d
To enable auto-login, create the user, type in a password, and check Don’t ask for password on login.
My children don’t need a password on our ‘shared’ computer. They don’t have administrator privileges. They just use it for games.
On Ubuntu Mate 20.4 this will still ask for the password when switching users because it locks the screen.
It is possible, but not as easy as you may think. Normally, a user without password can not login on a Linux system. So you have to set a password hash which maches an empty string.
Have a look at this discussion to learn how to do it. Short answer is to put U6aMy0wojraho for the hash of the blank password in /etc/passwd , like TheUsersName:U6aMy0wojraho: .
Create an user with empty password
sudo useradd test-user-0 echo test-user-0:U6aMy0wojraho | sudo chpasswd -e su test-user-0
The password prompt still shows unfortunately.
But if you just hit enter without typing anything, and it logins as the user test-user-0 .
The -e flags tells chpasswd that the password is already encrypted, and U6aMy0wojraho is the hash of the empty string.
BusyBox autologin
Creating a user without a password
Nothing is wrong, the authentication failed as expected. You won’t get a «there is no password, you can’t login» error message.
Either create it as root and set the correct permissions, or execute su git as root where you don’t have to provide a password.
I just wanted to point out that letting the git user have Bash as a shell is a bad idea, security wise. That would allow users of this repo to get a shell in your server. If you set the shell to /usr/bin/git-shell you can limit their account to using git and nothing else. (You should also limit SFTP access but that can only be done from /etc/sshd_config). Now, once you changed the shell, «su» won’t work as-is. You’ll have to do «su -s /bin/sh git» instead.
7 Answers 7
The —disabled-password option will not set a password, meaning no password is legal, but login is still possible (for example with SSH RSA keys).
To create an user without a password, use passwd -d $username after the user is created to make the password empty. Note not all systems allow users with empty password to log in.
You’ve created a user with a “disabled password”, meaning that there is no password that will let you log in as this user. This is different from creating a user that anyone can log in as without supplying a password, which is achieved by specifying an empty password and is very rarely useful.
In order to execute commands as such “system” users who don’t log in normally, you need to hop via the root account:
If you want certain users to be able to run commands as the git user without letting them run commands as root, set up sudo (run visudo as root and add a line like %gitters ALL = (git) ALL ).
Ubuntu 19.10 seems like does not have —disabled-password parameter, could there be any alternative solution
@alper Write the full path: sudo -u git cat /wherever/main.py . Or add a cd command: sudo -u git sh -c ‘cd /wherever && cat main.py’ . If you want to be sure that the other user doesn’t get access to the current directory even if the command doesn’t do what was intended, change directories outside: (cd /wherever && sudo -u git cat main.py)
@alper You didn’t use the commands I posted. You used one of many variants (too many for me to guess the exact one) that would result in this particular error. You need to invoke a shell for cd and && .
If you want to access the system under the git user you should use sudo:
Create an user with empty password
sudo useradd test-user-0 echo test-user-0:U6aMy0wojraho | sudo chpasswd -e su test-user-0
The password prompt still shows unfortunately.
But if you just hit enter without typing anything, and it logins as the user test-user-0 .
The -e flags tells chpasswd that the password is already encrypted, and U6aMy0wojraho is the hash of the empty string.
Terminal autologin with getty -a
On the terminal at least, you don’t need to create an user without a password to allow someone to not type their passwords every time.
So I believe that it should not be very hard to adapt that technique by modifying Ubuntu 18.04’s systemd init system scripts to setup a getty -a terminal as mentioned in that answer, although I haven’t tried to do it myself.
Can I set my user account to have no password?
If I attempt to change my password to nothing by opening «User Accounts», the «Change» button remains greyed out: How do I change my password to be empty? I know you can set Ubuntu to automatically log you in, but I want my password to be empty, I never want to type in a password to authenticate myself as that user. I know that there are reasons why this might not be a good idea, but I want to know if it is even possible. I’m using Ubuntu 12.10.
@Kaz It doesn’t if you follow all the steps in the answer, including the step that was linked to at the end.
6 Answers 6
You can’t do that using the GUI tool, but you can using the terminal.
- First, if your user has sudo privileges, you must enable its NOPASSWD option. Otherwise, sudo will ask for a password even when you don’t have one, and won’t accept an empty password. To do so, open the sudoers configuration file with sudo visudo , and add the following line to the file, replacing david with your username:
If you ever get prompted for a password, just type enter and it should work. I’ve tested this answer with LightDM, the lock screen, sudo , gksu , and it works.
Any new visudo edits such as nopasswd should be added to the end so no other setting overwrites the entry.
This did not work for me (Ubuntu 16.04) via ssh login. It still asks for a password, but no password is accepted (blank or the old one or the one for the ssh key).
On Debian I got the message «Sorry that didn’t work try again» when I try to log with empty password after the command passwd david -d . And now I can’t login with the old password too.
Warning: Be careful once you remove your password using this method, you won’t be able to authenticate yourself to prove you have admin rights, in a GUI or in the terminal (like installing an application using Synaptic, or using sudo through the command-line). This is because of bug #1168749.
Only do this if the user is not the only admin user.
This has been tested on Ubuntu 12.04 and 12.10.
- Make sure that you click on Unlock to be able to accomplish the tasks below:
- Go into user accounts, and click on the password field:
- Once the window opens, click on the down arrow to the right of «Action».
- and change it to «Log in without a password», and then click on «Change»:
- Optionally, you can also enable automatic log-in, like this:
To give the user a password again after running this procedure, you can’t use a GUI (bug #882255), you have to use the command-line:
- Log in as another user with admin priveleges. (Remember, the original one cannot run with admin privileges without a password using this method.)
- Run the following in a terminal:
Again, I must warn you that once you remove the password, you won’t be able to authenticate yourself in the GUI or a terminal, like installing an application using Synaptic, or using sudo on the command-line.