Passwordless and keyless SSH guest access

I am trying to set up a guest user that allows ssh access without a password AND without a keyfile.

All my searches turns up people trying to set up password-less entry with a keyfile. This is not what I’m looking for.

I would settle for just having a blank password, but I can’t get that working either; if I delete the user’s password, the SSH daemon won’t allow any access. I’ve set “PermitEmptyPasswords yes” in the config file and restarted the service.

I’m running Ubuntu 14.04.1 LTS.

Asked By: Semicolon

||

What you’re looking for is anonymous SSH access. I found an article for SFTP, which applies to SSH too, if you leave out SFTP-specific stuff:

  1. Create a new user:

    adduser --disabled-password anonymous
    
  2. Make the password actually empty:

    sed -i -re 's/^anonymous:[^:]+:/anonymous::/' /etc/passwd /etc/shadow
    
  3. Allow blank passwords for SSH sessions in PAM: edit /etc/pam.d/sshd and replace the line that reads @include common-auth with:

    auth [success=1 default=ignore] pam_unix.so nullok
    auth requisite pam_deny.so
    auth required pam_permit.so
    
  4. Allow blank passwords for SSH sessions of anonymous in /etc/ssh/sshd_config:

    Match user anonymous
        PermitEmptyPasswords yes
    
  5. Restart sshd:

    systemctl reload ssh.service
    

I didn’t try it myself, but it looks plausible, since my first thought for the culprit was PAM.

Answered By: David Foerster
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.