To start with: This is something you should NOT use in most cases. It’s only intended to be used in very specific situations.
In my situation I want to allow some remote systems to create a reverse SSH tunnel without a password nor a key. It’s for hobby purposes and through firewalling I make sure that only those systems are allowed to connect to my ‘SSH proxy’.
I started by creating a group and a few users with that as their primary group:
groupadd reversessh
useradd -G reversessh user1
useradd -G reversessh user2
useradd -G reversessh user3
passwd -d user1
passwd -d user2
passwd -d user3
I then modified my /etc/ssh/sshd_config that it only allows specific groups and allows users with an empty password:
PermitEmptyPasswords yes
AllowGroups root reversessh
I also needed to modify PAM to make sure it allows this login. Therefor you need to modify /etc/pam.d/common-auth that it contains:
auth [success=1 default=ignore] pam_unix.so nullok
After I restarted SSH to users user1 until user3 were able to log on without a password nor a key.
Is this very secure? No! But it does serve a purpose in some use-cases.