I had a very good reason to want a password-less account for users to login over SSH: make a publicly available Virtual Distributed Ethernet (vde) tunnel broker for anyone to connect anything from anywhere over a free public globally available layer-2 virtual ethernet switch requiring no password (details in next post).
It turned out to be pretty tricky, but I finally have what I wanted - an account on a Ubuntu 14.04 server that accepts ssh connections from anywhere to a user without prompting from a password. This has nothing to do with exporting rsa/dsa keys and manipulating .ssh/authorized_keys etc. Neither has this anything to do with passwordless logon to Linux graphical desktops.
Here is a summary of what worked for me.
- adduser someuser
- passwd -d someuser #delete password
- vi /etc/ssh/sshd_config
- Chanege PermitEmptyPasswords from no to yes, i.e.
# PermitEmptyPasswords no
- If AllowUsers is enabled, don't forget to add the new username to the list of allowed users. I always configure the AllowUsers line to limit usernames that can log in to my internet-facing servers.
- service ssh restart
- vi /etc/pam.d/common-auth
- change nullok_secure to nullok as in:
# auth [success=1 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_unix.so nullok
- vi /etc/securetty
- add the following line (I put it under "console" at the very top):
- suppress the big Ubuntu login banner by creating an empty file called .hushlogin in the new user's home directory