The Forcing User to Change Password Upon First Sign In lab represents the third challenge in the Cybersecurity: Tools and Access Management series. Learners discover how to retrieve user account information, create a new user account on a server and another machine, not on that network. They then initiate a connection to the server using the secure shell (ssh) protocol and reconfigure a password’s expiration date to force a user to update his or her password. Users also learn techniques to check their work.
This hands-on experience benefits beginners with a detailed, step-by-step tutorial on forming and applying Linux commands to complete the tasks, in Terminal. Users can do the lab without previous Linux experience. Learners should plan to complete the lab over a continuous 30 to 45-minute time block. Learners cannot return to the lab midway. The lab environment consists of a Kali Linux server and an Ubuntu VM providing practice with different Linux operating systems. Links to hints expand on lab instructions and show screenshots of expected results.
Lab completion results in three outcomes. First, the learner develops skills in Linux Terminal, constructing and executing commands to manage user accounts. Second, trainees gain an understanding of how to manage passwords and require password updates. Third, lab participants see different processes to check user account configurations and secure transmission between machines. System administrators need these abilities for their work.
Understanding The Scenario
You are a system administrator for your company. You need to set up a new account for an administrator who has just been hired. First, you set up an account and verify that the account works from the new administrator’s Ubuntu Linux workstation. Next, you verify the connection to the Kali server. Finally, you configure the account to force the new administrator to change the password upon signing in for the first time.
Verify that a Specified User Account Does Not Exist:
This task covers how to view user accounts available on the Kahli Linux server, using Terminal commands. Learners watch their query retrieve no results and return to the command prompt, indicating the user account does not exist. Although, this lab exercise ends up as an extra step. Should an administrator try to add a duplicate user account, Linux would return an error message noting that the account already exists.
Create a New User on the Server:
Learners add a new user to the Kahli server using the ‘adduser’ command. Creating a user account on the server gives access to necessary applications and lets a person log onto any machine on that network. System administrators find this process essential in onboarding a new hire and start managing his or her accounts.
Create a New User on the Ubuntu Workstation:
Lab participants switch to the Ubuntu virtual machine and create a new user there. This portion gives learners practice using Linux commands to create and manage user accounts. This exercise also provides a tip about pressing ‘Enter’ to get to move from the screen saver to the sign-in page.
Connect to Server1 using SSH:
An essential step in getting a new hire up and running means an administrator needs to check a secure network connection exists. Learners verify that the new user, they set up, can connect from the Ubuntu VM to the Kali Linux server (Server1). This exercise also demonstrates that Linux default settings do not prompt a user to change his or her password after the first login. Administrators need to set the password settings to force a password reset, explained in the next section.
Require the User to Change Passwords on First Login:
This lab section guides learners to change password expiry information on Server1, forcing a user to reset his or her password. After the user logs in, Linux asks for an immediate password change (root enforced). The user must enter a different password and login again to Server1. After the user updates the password successfully, the connection to the server closes. The learner then has to enter Server1 using the new password. The entire exercise shows the learner expected system behavior on the user side when forcing a password change.
Learners familiarize themselves with Linux commands needed to set up and manage user accounts, in addition to requiring a password reset. Learners know how to:
- Verify a user account does not exist
- Create new user access on the Kali Linux server and an Ubuntu Linux workstation
- Verified the new account can connect securely using SSH
- Configure the new account to require a password reset.
- Check that signing from the Ubuntu VM to the Kali server successfully had the user update his or her password.
When lab participants complete the lab modules, in the bulleted list above, they have applicable skills in making a new user account to onboard and employee.
Learners may wish to take other labs in this series.
- GUIDED CHALLENGE: Test and Mitigate Default Port Vulnerabilities
- GUIDED CHALLENGE: Configure SSH To Connect Without Passwords