Create a Linux User with an Empty Password

From Leo's Notes
Last edited on 15 June 2020, at 00:26.

I had a need to create a 'guest' account in one of my Linux installs which allows anonymous users within a trusted intranet to log in to a specially crafted script. One of the issues that I faced was passwd refusing to accept a blank password. To allow empty-password logins, we must manually change the account password.

When we look at /etc/shadow, we will see something similar to:

username:$1$ADUODeAy$gRz7rO6P5lFcPpYwqd7Eb0:14929:0:99999:7:::

The second field containing $1$ADUODeAy$gRz7rO6P5lFcPpYwqd7Eb0 is the password hash. The hash is delimited by $ and contains the following data:

  1. 1 denotes that the hash is an MD5-based crypt hash (md5crypt)
  2. ADUODeAy is the salt
  3. gRz7rO6P5lFcPpYwqd7Eb0 is the actual password hash, computed with MD5


To generate this hash manually, we can use openssl. We could use a different salt, but in this example, we use the same existing salt value.

# openssl passwd -1 -salt ADUODeAy
Password: [enter]
$1$ADUODeAy$eCJ1lPSxhSGmSvrmWxjLC1

Note that the first parameter, -1, tells openssl to use MD5 to generate the hash.

Replace the existing hash in /etc/shadow with the hash generated by openssl. The account now essentially has an empty password.

Notes:

  • You will need to temporarily change the permission of /etc/shadow in order to write to it.
  • You will need to enable 'PermitEmptyPasswords' in /etc/ssh/sshd_config for empty password logins to work.
  • This can easily be a security risk to your machine! Ensure the account and server are locked down or use SSH keys for password-less logins! Remember, by default, users can SSH tunnel through this guest account. You must consider the implications of enabling such an account on your machine.
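An audit that only looks for an empty second field in /etc/shadow misses an account set up as described above, because its field holds a valid-looking hash of the empty string. The following is an added example (not part of the original notes) that recomputes the $1$ hash of an empty password with each entry's own salt and flags matches. The function names and every sample line except the `username` line quoted from above are constructed for illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5crypt(password: bytes, salt: bytes) -> str:
    """MD5-based crypt ($1$), the scheme selected by `openssl passwd -1`."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    # Mix in the alternate digest, repeated and cut to the password length.
    ctx.update((alt * (len(password) // 16 + 1))[:len(password)])
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        data = (password if i & 1 else final) + (salt if i % 3 else b"")
        data += (password if i % 7 else b"") + (final if i & 1 else password)
        final = hashlib.md5(data).digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    vals = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in groups]
    vals.append((final[11], 2))
    out = "".join(ITOA64[(v >> 6 * k) & 63] for v, width in vals for k in range(width))
    return "$1$" + salt.decode() + "$" + out

def empty_password_accounts(shadow_text: str) -> list:
    """Return (user, reason) for shadow entries that accept an empty password."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[:2]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw.startswith("$1$") and pw.count("$") == 3:
            if md5crypt(b"", pw.split("$")[2].encode()) == pw:
                findings.append((user, "hash of the empty string"))
    return findings

SAMPLE_SHADOW = "\n".join([
    "username:$1$ADUODeAy$gRz7rO6P5lFcPpYwqd7Eb0:14929:0:99999:7:::",  # from the page
    "guest:" + md5crypt(b"", b"ADUODeAy") + ":14929:0:99999:7:::",     # constructed
    "nopw::14929:0:99999:7:::",                                        # constructed
    "svc:!:14929:0:99999:7:::",                                        # constructed, locked
])

if __name__ == "__main__":
    for user, reason in empty_password_accounts(SAMPLE_SHADOW):
        print(f"{user}: {reason}")
```

Only $1$ entries are tested here; entries using other crypt schemes ($5$, $6$, and so on) would need the matching algorithm to be checked the same way.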