How to change password and set password complexity policy in Ubuntu

1. Change password

1. Modify the password of ordinary users

passwd

Enter the current password to confirm, then enter the new password to modify

2. Change the root user password

sudo passwd root 

By default, the root user is prohibited from logging in. If you need to remove the restriction, just modify the configuration

sudo vim /etc/ssh/sshd_config

Comment out the default configuration and add a new line of configuration. The default configuration allows root login, but prohibits root from logging in with a password.

PermitRootLogin prohibit-password → PermitRootLogin yes 

sudo service ssh restart

2. Password complexity strategy

Notice! ! ! Before setting the complexity policy, you should first change the password of the current system user to a password that complies with the complexity policy. If it does not comply, the user will be at risk of not being able to log in after setting the complexity policy. Reasonable planning is required in advance.

1. Install the cracklib module

Install the cracklib module of PAM, which provides additional password checking capabilities

sudo apt-get install libpam-cracklib

2. Related policy settings (1) Prohibit the use of old passwords

sudo vim /etc/pam.d/common-password

Find the following configuration and add remember=5 at the end, which means that the last five passwords cannot be used. The used passwords will be saved in /etc/security/opasswd

(2) Set the minimum password length

sudo vim /etc/pam.d/common-password

Find the following configuration and change the default minlen=8 to minlen=10 , indicating that the minimum password length needs to be 10

(3) Set password complexity

sudo vim /etc/pam.d/common-password

Find the following configuration and add ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 at the end. It means that the password must contain at least one uppercase letter (ucredit), one lowercase letter (lcredit), one number (dcredit) and one punctuation mark (ocredit). You can modify it as needed.

(4) Set password expiration date

sudo vim /etc/login.defs

Find the following configuration. The default is 9999 days, which is equivalent to no limit. The user will be prompted to change the password 7 days before the expiration date. You can modify it according to your needs.

PASS_MAX_DAYS 180 PASS_MIN_DAYS 0 PASS_WARN_AGE 14

Summarize

This is the end of this article about Ubuntu password modification and password complexity policy settings. For more relevant Ubuntu password modification content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!