Create a new user that can only pubkey-login

view story

http://unix.stackexchange.com – We have a test server that does allow challenge-response authentication. I don't want to disable that, but when I create a new user account I ask users to send me a public key, and want to force users to set the password the first time they log in with keypair authentication. If I create an account with an impossible/disabled and expired password, but put a pubkey in their .ssh/authorized_keys file, the user is required to change his password at first login, but cannot enter his current one! # adduser --disabled-password foo … # chage -d0 foo What is a more appropriate way to go about thi (HowTos)