Learn how to force a user to change password at next login on Linux Ubuntu 22.04 LTS.
Introduction: Why Should You Force a User to Change their Password?
Passwords are one of the most important elements of server security. As a result, it is essential for organisations to ensure that their users have secure passwords that cannot be easily guessed or cracked. By forcing users to change their passwords regularly, organisations can reduce their risk of becoming victims of server and data breaches. Additionally, this will also help protect user accounts from being compromised by malicious actors who may be trying to gain access to confidential information. By regularly changing passwords, users can ensure that their accounts remain secure and protected from unauthorized access by hackers. It is recommended that organisations control the password policies of their users by forcing them to change their passwords on a regular basis. In order for this method to work, it is important for organisations to enforce a policy where users are forced to change their password every 30 days or after a certain amount of time has passed since the last update. This will help minimize the risk of server and data breaches.
1) Connect to your Ubuntu 22.04 LTS server via SSH
2) Use the passwd command to expire a user’s password
3) Use the chage command to expire a user’s password
4) TIP: Set password expiry when you create a user
Connect to your Linux Ubuntu 22.04 LTS server via SSH
If you are using Windows, Download Putty here. Once yiu have installed Putty, open it and type in the IP address of your Ubuntu server on the Host / IP Address field. Ensure that your set port to 22 and click Connect. If you face issues connecting to your Ubuntu server using an SSH client:
1) Ensure that the openssh-server package is installed. If not run the commands below to install it.
Use the passwd command to expire a user's password.
To force a user on your Linux Ubuntu 22.04 LTS server to change their password, you simply need to expire their existing password. You can use the passwd command which is normally used to set or change a password and specify the –expire or -e switch along with the username of the user. Run the command below replacing username with appropriate user name on you server
The chage command has more options that you can user to manage password related information for your users. If you run the command:
administrator@billysoftacademyvm:~$ chage –help
Usage: chage [options] LOGIN
-d, –lastday LAST_DAY set date of last password change to LAST_DAY
-E, –expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, –help display this help message and exit
-i, –iso8601 use YYYY-MM-DD when printing dates
-I, –inactive INACTIVE set password inactive after expiration
-l, –list show account aging information
-m, –mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, –maxdays MAX_DAYS set maximum number of days before password
change to MAX_DAYS
-R, –root CHROOT_DIR directory to chroot into
-W, –warndays WARN_DAYS set expiration warning days to WARN_DAYS.
Use the chage command to expire a user's password.
Alternatively you can use the chage command to force a user to change their password. You simply need to specify the -d option or –lastday option which actually sets the date of the last password change. When you run the command make sure to set a date that is older than todays date and replace username with the user name on your server 🙂
Alternatively you can run:
Set a password expiry when you create a user.
To avoid having to force users to change their password in the first place, you can simply set a password expiry value when you create a new user. This will ensure that after a certain period of time such as 30, 60 or 90 days, the Ubuntu OS will automatically prompt the user to change their password. Using passwd you can run the command: