On Mon, Nov 19, 2018 at 12:12:50PM -0500, Michael Stone wrote:
On Mon, Nov 19, 2018 at 09:43:29AM -0500, Jim Popovitch wrote:
On Mon, 2018-11-19 at 08:38 -0500, Michael Stone wrote:
On Mon, Nov 19, 2018 at 08:32:09AM -0500, Greg Wooledge wrote:
If you're only going to login to the account using ssh keys, you
don't need to give it a valid password hash at all. Just put a
string of rubbish (English words qualify) in the hash field of
/etc/shadow.
Don't do that. Just use a *.
Something that's always bugged me... is there any difference between
using * or ! (both are valid)?
! locks the account, * is a convention that means "no password".
I should clarify that a bit: a ! locked account can't be used at all
(assuming that all login methods respect that convention) whereas the *
account can't use password authentication but may be able to use other
mechanisms like ssh keys. A completely blank field indicates an empty
password.
