How to force user to change password

Alter password expiry date to force user to change password on next login.

Display user password expiry information.

$ sudo chage -l milosz
Last password change                                    : Jul 24, 2017
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Change user password expiry information to require password change on next login.

$ sudo chage -d 0 milosz

Display user password expiry information.

$ sudo chage -l milosz
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

User will be forced to change the password on next login.

$ ssh [email protected]
[email protected]'s password: *********
You are required to change your password immediately (root enforced)
Linux debian 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Nov 26 15:29:41 2017 from 192.0.2.254
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for milosz.
(current) UNIX password:  *********
Enter new UNIX password:  *********
Retype new UNIX password: *********
passwd: password updated successfully
Connection to 192.0.2.10 closed.

Alternatively you can use passwd utility to achieve the same result.

$ sudo passwd milosz -e
passwd: password expiry information changed.
$ sudo chage -l milosz
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.