All Posts

A short guide on how to set up password aging on your Linux server.

Posted by Mike on September 28th, 2020
setup-password-aging.jpeg

Ideally we always advocate setting up and using SSH keys to authorise users on your servers but we know that's not always possible. So to make using passwords safer, you can configure password aging, here's how.

Password aging works by defining on your server how old a users password can be. When the users password gets too old, the server will force the user to change their password on the next login. The benefits for this are obvious, having a password that changes regularly will reduce the risk of someone obtaining a copy of an active servers password and being able to login.

Configuring Password Aging

To enable and configure password aging, logon to your server and open, with root privileges, /etc/login.defs. I've used nano as my editor for this but you can swap out nano for your preferred editor.

sudo nano /etc/login.defs

Once open scroll until you find the section for "Password aging controls:".

#
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   91
PASS_MIN_DAYS   0
PASS_WARN_AGE   7

The config file provides a handy explanation for what each of the config values mean and do. The values we have set in the example above will force our users to change their password every 3 months with a warning a week before the expiry is due.

Once you've set your desired values simply save and close the file CTRL + X, press Y to confirm you want to save and then hit Enter to confirm the file to write /etc/login.defs.

And that's it. Password aging is now configured on your server!

Server Management & Security doesn't have to be a full time job.

ServerAuth provides a whole host of management tools, from controlling who can access your server, to adding cron jobs, securing your servers and installing packages. And with an ever growing suite of tools you'll always be one step ahead!

Start for free
Server Management Software Screenshot
ServerAuth
Server Management & SSH Security Software
 on Twitter
Copyright © ServerAuth Ltd
Registered in England No. 13996293
All Rights Reserved.
Solutions
Support
Customers
ServerAuth
The Legal Bits