Script to change password on linux servers over ssh

南方客 2020-12-08 11:22

We have a number of Red Hat Linux servers in our IT environment. I am being asked by my team members to write a script (preferably shell script) to change a user's password

17 answers
  • 2020-12-08 11:36

    The passmass script (man page) that comes with Expect doesn't require Expect to be installed on the remote machines.

    0 Discussion (0)
  • 2020-12-08 11:36
    cat /tmp/passwords | ssh $server sudo chpasswd -e
    

    if the password is encrypted, or

    cat /tmp/passwords | ssh $server sudo chpasswd
    

    if the password is not encrypted.

    /tmp/passwords should have format of "user:password"

    0 Discussion (0)
  • 2020-12-08 11:45

    Building on squashbuff's example, I tried the following, which worked well for me:

    #!/bin/bash
    for server in `cat hostlist`; do
    echo $server;
    ssh username@$server 'passwd <<EOF
    old_password
    new_password
    new_password
    EOF';
    done

    Security-wise, this could be improved to take input without echoing to the screen or saving the plaintext to disk.

    0 Discussion (0)
  • 2020-12-08 11:47

    Can you use Perl?

    Here is a script that changes the password on a set of hosts.

    It requires some Perl modules (Net::OpenSSH::Parallel, Expect and their dependencies) installed on the local machine running the script but nothing on the remote servers where the password has to be changed.

    0 Discussion (0)
  • 2020-12-08 11:50

    Another possibility: change it manually on one server. Get the encrypted password out of /etc/shadow. Now, do something like this:

    for host in $HOST_LIST; do
        ssh $host "passwd -p 'encrypted_passwd' user"
    done
    

    Of course, 'encrypted_passwd' is what you got out of /etc/shadow where you manually changed the password. And $HOST_LIST is a list of hosts where you want the password changed. That could be created simply with:

    export HOST_LIST="server1 server2 server15 server67"
    

    Or perhaps with a file (as others have suggested):

    export HOST_LIST=`cat host_list.txt`
    

    Where the file "host_list.txt" has a list of all the systems where you want the password changed.

    Edit: if your version of passwd doesn't support the -p option, you might have the 'usermod' program available. The example above remains the same, simply replace 'passwd' with 'usermod'.

    Furthermore, you might consider the useful tool pdsh, which would simplify the above example to something like this:

    echo $HOST_LIST | pdsh -Rssh -w- "usermod -p 'encrypted_passwd' user"
    

    One last "gotcha" to look out for: the encrypted password likely contains the dollar sign character ('$') as a field separator. You'll probably have to escape those in your for loop or pdsh command (i.e. "$" becomes "\$").

    0 Discussion (0)
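An added example, not taken from any answer in this thread: it combines the `chpasswd -e` answer with the points raised above about plaintext on disk and `$` escaping, by hashing the password locally and sending `user:hash` on ssh's standard input. It assumes `openssl passwd -6` exists locally and that the login account can run `sudo chpasswd` without a prompt; the `SSH` variable and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. SSH is a hypothetical override hook.
LC_ALL=C; export LC_ALL        # byte-wise a-z / A-Z ranges in the patterns
SSH=${SSH:-ssh}

valid_user() {                 # lowercase account names only
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Accept only crypt(3) strings ($5$, $6$, $y$) with no ':' or newline that
# could smuggle a second record into chpasswd's input.
valid_hash() {
    case $1 in
        '$5$'?*|'$6$'?*|'$y$'?*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!./A-Za-z0-9\$=]*) return 1 ;;
    esac
}

# push_hash USER HASH HOSTFILE: the record travels on ssh's stdin, so the
# hash never appears in argv and its '$' characters need no escaping.
push_hash() {
    valid_user "$1" && valid_hash "$2" || return 2
    rc=0
    while IFS= read -r host <&3; do
        case $host in ''|-*) continue ;; esac   # skip blanks and option-like names
        printf '%s:%s\n' "$1" "$2" | $SSH "$host" sudo chpasswd -e ||
            { echo "FAILED: $host" >&2; rc=1; }
    done 3<"$3"
    return "$rc"
}

main() {                       # main USER HOSTFILE
    printf 'New password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    # printf is a shell builtin, so the plaintext is not visible in ps output
    hash=$(printf '%s\n' "$pw" | openssl passwd -6 -stdin); unset pw
    push_hash "$1" "$hash" "$2"
}

if [ "$#" -eq 2 ]; then main "$@"; fi
```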
  • 2020-12-08 11:51

    You should try pssh (parallel ssh at the same time).

    cat > ~/pssh-hosts <<EOF
    user100@host-foo
    user200@host-bar
    user848@host-qux
    EOF
    
    pssh -h ~/pssh-hosts 'printf "%s\n" old_pass new_pass new_pass | passwd'
    
    0 Discussion (0)