wettshirt
By:
wettshirt

How can I stop my droplet from asking to change my password?

September 4, 2014 10.3k views

Just created a new droplet (Debian 7/x64) and logged in via SSH. After login, before dropping to a shell, sshd asks to change my password, which I did, successfully. But after logging out and logging in again, it keeps doing so. Any clue on how to disable this? I've tried looking at /etc/ssh/sshd_config, /etc/login.defs, /etc/pam.d, and using usermod + chage, all to no avail.

2 comments
  • It would be better anyway if you disable the password auth and instead use ssh key auth

  • I did and I can already login. But instead of the shell prompt, I always get the change password prompt.

    If I do "ssh root@ip somecommand" I'm getting the warning:

    WARNING: Your password has expired
    Password change required but no TTY available.
    

    But I'm not seeing my password as expired. Here's the redacted /etc/shadow entry:

    root:$6$...:16317:0::14:::
    
3 Answers

Ah, my bad. Turns out it is still showing password as expired because of ssh connection sharing (-S). If I turn off connection sharing (or use a new connection), the problem goes away:

# ssh -S none root@IPADDRESS
...
root@host:~#

To view information about password expiration you can run:

chage -l root

Running it without the -l flag will allow you to change the expiration date.

  • I already tried it and, in accordance to the /etc/shadow entry, chage doesn't show the root account's password as being expired:

    # chage -l root
    Last password change                                    : Sep 04, 2014
    Password expires                                        : never
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 0
    Maximum number of days between password change          : -1
    Number of days of warning before password expires       : 14
    

I had this problem when I tried to remove ssh authentication and instead use username/password while using mup (Meteor deployment utility). When I ssh'ed into the server, it asked me to change the password, and then things were good from that point on.

Have another answer? Share your knowledge.