Script to change password on linux servers over ssh

Question

We have a number of Red Hat linux servers in our IT environment. I am being asked by my team members to write a script (preferably shell script) to change a user\'s password

Answer 1

echo "name:password" | chpasswd

Answer 2

1. Install sshpass on any of the server from where you want to execute the script.

   yum -y install sshpass
   

2. Prepare a text file in which you have to pass details like Host, User Name, Password and Port. (Based on your requirement).

   192.168.1.2|sachin|ffffdffffd|22
   

3. Prepare a script file using below details.

   #!/bin/bash
   
   FILE=/tmp/ipaddress.txt
   
   MyServer=""
   MyUser=""
   MyPassword=""
   MyPort=""
   
   exec 3<&0
   exec 0<$FILE
   
   while read line
   do
       MyServer=$(echo $line | cut -d'|' -f1)
       MyUser=$(echo $line | cut -d'|' -f2)
       MyPassword=$(echo $line | cut -d'|' -f3)
       MyPort=$(echo $line | cut -d'|' -f4)
   
       HOST=$MyServer
       USR=$MyUser
       PASS=$MyPassword
   
       sshpass -p $PASS ssh -p $MyPort -o StrictHostKeychecking=no $USR@$HOST \
               -T "echo 'sachin@patel' | passwd --stdin root"                 \
               < /dev/null | tee -a output.log
   done
   
   exec 0<&3
   

Answer 3

The real question is why were they not using some sort of name services? NIS/Yellow Pages or LDAP and you're not having to manually change passwords across a bunch of servers. A user changes their password once and it's done across the domain master.

Answer 4

An alternative you may want to present to your peers would be to have them use password-less authentication. They'd generate a public/private key pair and register their public key in the ~/.ssh/authorized_keys file on each of the servers they log into.

Answer 5

The remote machine(s) do not need expect installed. You can install expect on a local workstation or VM (virtualbox) or whichever *nix box, and write a wrapper that calls this .ex (expect) script (there may be small changes from distro to distro, this tested on CentOS 5/6):

#!/usr/bin/expect -f
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd

set username [lindex $argv 0]
set password [lindex $argv 1]
set serverid [lindex $argv 2]
set newpassword [lindex $argv 3]

spawn ssh $serverid passwd
expect "assword:"
send "$password\r"
expect "UNIX password:"
send "$password\r"
expect "password:"
send "$newpassword\r"
expect "password:"
send "$newpassword\r"
expect eof

Answer 6

I just implemented a small tool that changes password for many users/hosts at once. It's java based application so it works on both Windows and Linux. It's free, enjoy :)