I am trying to mass-create users that can log in via ssh private/public keys but which cannot log in with users (kind of like using newusers, but I want to make sure users will not be able to log in via ssh).
My approach: via script, I create users with useradd username, then I create the key via ssh-keygen and I put the public key as authorized_keys on the ssh server (assume that id_rsa, id_rsa.pub and authorized_keys are in the right places on both sides, and that permissions and ownership are correct).
Unfortunately, with useradd, accounts are created disabled. I can only log in if I set the password with passwd first. If I try to enable the account with passwd -u username, it complains about it being unsafe (rightly so). I saw people recommending to lock the user with passwd -l, but it still cannot log in even if the key is there. I could generate a random password, but I am looking to see if there is a better way (no, disallowing logins for all users is not an option).
Thanks in advance for your help.
Unfortunately, I had tried that. I tried your steps again on 3 systems, different Linux flavors. If the password is set with passwd, it works; if not, I can't log in. I get around that by generating a random password, encrypting it and passing it to useradd – Youn Elan – 2014-04-15T19:34:23.243
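An added example, not part of the original post or its comments: a shell audit that classifies the password field of shadow(5) entries, since the account states the question describes (disabled after useradd, locked by passwd -l, usable after passwd) differ only in that field. It assumes the Linux convention that a leading `!` marks a locked account and a bare `*` means no valid password; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5) entries.
# Assumption: Linux shadow conventions ("!" prefix = locked account,
# "*" = no valid password). Function names are hypothetical.

# classify_field FIELD -> prints empty | locked | no-password | password
classify_field() {
    case "$1" in
        "")   echo empty ;;        # no password required at all
        '!'*) echo locked ;;       # useradd default, or after passwd -l
        '*'*) echo no-password ;;  # no hash can match; not marked locked
        *)    echo password ;;     # a usable password hash is set
    esac
}

# audit_shadow FILE -> prints "user state" for every entry in FILE
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done < "$1"
}

# Constructed sample in shadow(5) format (placeholder hashes, not real ones).
sample_shadow() {
    cat <<'EOF'
alice:!:16175:0:99999:7:::
bob:*:16175:0:99999:7:::
carol:$6$constructedsalt$constructedhash:16175:0:99999:7:::
dave:!$6$constructedsalt$constructedhash:16175:0:99999:7:::
EOF
}

# Demo on the constructed sample: alice as left by useradd, bob with no
# valid password, carol after passwd, dave after passwd -l.
tmp=$(mktemp)
sample_shadow > "$tmp"
audit_shadow "$tmp"
rm -f "$tmp"
```

To check real accounts, run `audit_shadow /etc/shadow` as root after sourcing the functions.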