On Mon, Nov 19, 2018 at 07:28:15AM +0000, Michael Howard wrote:
Don't get too hung up on it all.
If the account needs login access then give it. Create or use an account
with a shell of your choice and a secure password. You don't need to
remember the password, as you are using keys, so it can be ridiculously
secure.
If you're only going to login to the account using ssh keys, you don't
need to give it a valid password hash at all. Just put a string of
rubbish (English words qualify) in the hash field of /etc/shadow.