ssh as user runs program with no authentication (neither password nor keys)

Peter Lyons asked:

I’d like to set up a user on my system (Ubuntu 14.04 x64) such that people can run ssh and see some output from a program without being prompted for a password or having to have an ssh key. Here’s what I have done so far:

  • created the example user with my program as it’s shell via adduser example --shell /path/to/my/program
  • created an empty file at /home/example/.hushlogin to quiet the motd and other login messages

Things are working with the exception that I must complete the password prompt authentication challenge, which I’d like to bypass as this will be a publicly-available service.

Presumably customizing the PAM configuration under /etc/pam.d appropriately might do the trick but I need some guidance on the specifics. I want this change to only affect this specific user account, not every account on the system.

My answer:

Set PermitEmptyPasswords yes in /etc/ssh/sshd_config, and then make sure the user account has no password.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.