Batch modify user password under Linux

It is a very important security common sense to change the password regularly, we usually change the user password to use the command such as the passwd user to change the password, but this will enter the interactive mode, even if the use of script is not very convenient batch modification, unless the use of expect such software to implement, Is it necessary to modify the password to install a separate package? No, we actually have a lot of other ways to avoid interaction, the following specific implementation of the specific way:

The first type:

echo "123456" | passwd--stdin Root

Advantages: Convenient and quick

Cons: If you enter an instruction that can be captured by someone else through history or other means, then this is not safe, and more importantly, if the password contains both single and double quotes, then this method cannot be modified.

Description

Bulk modification of the Linux password passwd--stdin user reads the password from standard input, so users can use it in scripts such as echo newpasswd | passwd--stdin username This way to bulk change the password but in some other distributions (such as Debian/suse) the passwd provided does not support--stdin this parameter

The second type:

A. First write the user name password together with a temporary file.

Cat Chpass.txt

root:123456

zhaohang:123456

B. Use the following command to modify the user's password:

CHPASSWD < Chpass.txt

C. You can use 123456来 login system, password modification is complete.

Advantages: can quickly and easily modify multiple user passwords

Cons: PlainText passwords are still not secure enough in the file, but avoid the case where the first modification cannot have a special string password.

The third type:

A. Use the OpenSSL passwd-1 to generate the user password, along with the user name to write to the file.

Cat Chpass.txt

Root:$1$ri2hcevu$wif.firubn97jkswk9exo0

zhaohang:$1$i/gou7.v$bh2k6sxmxv6/ucxjz8n7b.

B. Use the following command to modify the user's password:

Chpasswd-e < Chpass.txt

C. You can use 123456来 login system, password modification is complete.

Advantages: can quickly and easily modify multiple user passwords

Cons: greatly enhanced security compared to the above two

Additional Description:

The OpenSSL passwd-1 command can output the password inside the shadow, change the secret string generated by this command to your shadow password, then the next time you log in the system can use your password to generate passwords to log in, using this command, even if the password, Multiple executions of the generated password string are also different. The hash value corresponding to the password is completely random based on 64-bit character encoding 28 bits long, so to crack it is very difficult, as long as the password has been published by the hash value created account, even if the password files are published is still relatively safe. Use the old UNIX hash to remove the-1 parameter.

[email protected] ~]# OpenSSL passwd-1

password:123456

verifying-password:123456

$1$ri2hcevu$wif.firubn97jkswk9exo0

You can also generate directly using the following command:

[email protected] ~]# OpenSSL passwd-1 123456

[[email protected] ~]# OpenSSL passwd-1-salt "Yoctor" 123456

The salt in the above command is a random input.

Because the password ciphertext is MD5 encryption, when the hash value is generated, the system is added as salt in the cipher text, so that the ciphertext cannot be decoded in reverse.

Batch modify user password under Linux