When several servers need their passwords changed at the same time, there is no need to work on them one at a time; the expect tool can be used to change the passwords in bulk. Four files are involved: the IP address list file (iplist.txt), the remote password modification script (password.sh), the expect script scp.exp that supplies the password when copying files with scp, and the password modification main program (chpasswd.sh). Put the four files in the /root directory; if you place them in a different directory, change the corresponding paths in the scripts.
Install expect on the machine that executes the scripts. Installing from RPM packages requires the tcl package; you can also install with yum. Use mkpasswd to generate the password; once generated, it can be reused across multiple runs.

    # mkpasswd -l 16 -s 3    # -l sets a password length of 16 characters, -s sets 3 special characters
    *Vdmz{u(2uF8jvnz
2. Generate the public and private keys locally

    [[email protected]~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    04:60:67:87:bb:5f:bc:2a:27:14:eb:90:c5:9c:54:[email protected]
    The key's randomart image is:
    +--[ RSA 2048]----+
    | o.++e |
    | . oo+ |
    | + o. |
    | b. |
    | o +S. |
    | o + o |
    | + . . . |
    | + o . |
    | +. |
    +-----------------+
3. Define the password modification script password.sh. This script is executed on the remote machine; set its permissions to 700. One script can change the passwords of several users at once; here it sets root and guest. The password used here was generated with the password generator mkpasswd and needs to be remembered: after the script runs successfully, the remote machine's password is changed to it.

    #!/bin/bash
    # detect whether the current user is root
    if [ $UID -ne 0 ]; then
        echo "Only root can run this script"
        exit 3
    fi

    # set the new root password (generated with mkpasswd)
    echo "*Vdmz{u(2uF8jvnz" | passwd --stdin root

    # change the guest password, creating the account first if it does not exist
    if id -u guest >/dev/null 2>&1; then
        echo "guest is already exist"
        echo "[email protected]:?" | passwd --stdin guest
        echo "old guest's password changed successful"
    else
        useradd guest
        echo "User guest added successful"
        echo "[email protected]:?" | passwd --stdin guest
        echo "guest's password changed successful"
    fi
4. Define the list of machines to be modified, iplist.txt, one IP per line

    192.168.18.131
    192.168.18.132
5. The script scp.exp, which enters the password automatically and copies files with scp. When calling this script, pass two arguments: the source file and the target file. The value redhat in this script is the original root password of the machines to be modified and can be changed here. All machines to be modified must have the same original root password, otherwise the batch change cannot be completed in one run.

    #!/usr/bin/expect
    set timeout 20

    # both a source file and a target path are required
    if {[llength $argv] < 2} {
        puts "Usage:"
        puts "$argv0 local_file remote_path"
        exit 1
    }

    set local_file [lindex $argv 0]
    set remote_path [lindex $argv 1]
    # original root password of the target machines
    set passwd redhat
    set passwderror 0

    spawn scp $local_file $remote_path

    expect {
        "*assword:*" {
            # a second password prompt means the first attempt was rejected
            if { $passwderror == 1 } {
                puts "passwd is error"
                exit 2
            }
            set timeout 1000
            set passwderror 1
            send "$passwd\r"
            exp_continue
        }
        "*es/no)?*" {
            # first connection: accept the host key
            send "yes\r"
            exp_continue
        }
        timeout {
            puts "connect is timeout"
            exit 3
        }
    }
6. Provide the password modification main program chpass.sh
The main program chpass.sh first uploads the public key id_rsa.pub and the password modification script password.sh to the target server, then executes password.sh there and deletes it once execution completes.

    #!/bin/bash
    # change password for production system
    # added by sunny 20160112
    # mail: [email protected]

    # detect whether the current user is root
    if [ $UID -ne 0 ]; then
        echo "only root can run this script"
        exit 3
    fi

    # define an ip address list
    IPLIST=/root/iplist.txt

    for i in $(cat $IPLIST)
    do
        # upload the public key as the target's authorized_keys
        /root/scp.exp /root/.ssh/[email protected] $i:/root/.ssh/authorized_keys
        # upload the password script
        /root/scp.exp /root/[email protected] $i:/root/password.sh
        # run the password script on the target, then delete it
        ssh $i '/root/password.sh && rm -f /root/password.sh'
    done
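
Step 6 copies id_rsa.pub over /root/.ssh/authorized_keys, which replaces any keys the target already trusts. The following added example (not part of the original scripts) appends the key instead and is meant to run on the target host; install_pubkey and its two arguments are hypothetical names.

```bash
#!/bin/bash
# Added example: add a public key to an authorized_keys file on the
# target without replacing the keys that are already in it.
# install_pubkey and its arguments are hypothetical names.

install_pubkey() {
    pub=$1
    auth=$2
    # Identify the key by "type base64" so a different comment is not a new key.
    key=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print $1 " " $2; exit }' "$pub")
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 2; }

    dir=$(dirname "$auth")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    # Keep the file readable and writable by its owner only.
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed: nothing to do, so the step is safe to repeat.
    if grep -qF -- "$key" "$auth"; then return 0; fi

    # Terminate an unterminated last line so the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    grep -F -- "$key" "$pub" | head -n 1 >> "$auth"
}

# Usage on the target host: ./install_pubkey.sh <public key file> <authorized_keys file>
if [ $# -eq 2 ]; then install_pubkey "$1" "$2"; fi
```

Where OpenSSH's ssh-copy-id is available on the management host, it performs the same append over SSH.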
7. Execute the change password script to complete the password modification
Turn on session logging during execution so that the log can be reviewed afterwards and the status of each modification checked.

    # ./chpass.sh
    spawn scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
    The authenticity of host '192.168.18.131 (192.168.18.131)' can't be established.
    RSA key fingerprint is d6:7b:b0:d8:2b:5f:90:9a:b4:97:c9:1f:dc:f7:44:8b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.18.131' (RSA) to the list of known hosts.
    [email protected]'s password:
    id_rsa.pub                 100%  396     0.4KB/s   00:00
    spawn scp /root/password.sh [email protected]:/root/password.sh
    password.sh                100%  426     0.4KB/s   00:00
    Changing password for user root.
    passwd: all authentication tokens updated successfully.
    guest is already exist
    Changing password for user guest.
    passwd: all authentication tokens updated successfully.
    old guest's password changed successful
8. Check the log, filtering it to verify the password change status
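
For steps 7 and 8, an added example (not from the original article) that reduces a saved session log to one status line per host. It assumes the log was saved as plain text and that its messages match the output shown in step 7; the sample log embedded in the script, including the root@ user name, is constructed.

```bash
#!/bin/bash
# Added example: per-host summary of a saved chpass.sh session log (plain text assumed).

# Constructed sample log (not real output); the second host rejects the old password.
sample_log() {
cat <<'EOF'
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.131:/root/.ssh/authorized_keys
spawn scp /root/password.sh root@192.168.18.131:/root/password.sh
Changing password for user root.
passwd: all authentication tokens updated successfully.
Changing password for user guest.
passwd: all authentication tokens updated successfully.
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.132:/root/.ssh/authorized_keys
root@192.168.18.132's password:
passwd is error
EOF
}

# Print one line per host: "HOST OK user..." or "HOST FAILED".
summarize_log() {
    awk '
        { gsub(/\r/, "") }                 # session logs may contain carriage returns
        /^spawn scp / {                    # target host sits between "@" and ":"
            if (match($0, /@[^:]+:/)) {
                host = substr($0, RSTART + 1, RLENGTH - 2)
                if (!(host in seen)) { seen[host] = 1; order[++n] = host }
            }
            user = ""; next
        }
        /^Changing password for user / { user = $NF; sub(/\.$/, "", user); next }
        /all authentication tokens updated successfully/ {
            if (host != "" && user != "") ok[host] = ok[host] " " user
            user = ""
        }
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]; print h ((h in ok) ? " OK" ok[h] : " FAILED")
            }
        }
    ' "$1"
}

# Hosts that need a manual follow-up.
failed_hosts() { summarize_log "$1" | awk '$2 == "FAILED" { print $1 }'; }

# Usage: ./check_log.sh session.log  (no argument: run on the constructed sample)
log=${1:-$(mktemp)}
[ $# -gt 0 ] || sample_log > "$log"
summarize_log "$log"
```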
Automatic batch modification of Linux user passwords