Automatic batch modification of Linux user passwords

Source: Internet
Author: User

When you have multiple servers whose passwords need to be changed at the same time, there is no need to operate on them one at a time; you can use the expect tool to change the passwords in bulk. Four files are involved: the IP address list file (iplist.txt), the remote password modification script (password.sh), the script that answers the password prompt when copying with scp (scp.exp), and the password modification main program (chpasswd.sh). Put all four files in the /root directory; if you place them in a different directory, modify the corresponding paths in the scripts.

1. Install expect on the machine that executes the script. If you install from RPM packages, also install the tcl package; alternatively, install with yum. Use mkpasswd to generate the password; once generated, it can be used across multiple runs.


# mkpasswd -l 16 -s 3    # -l specifies a password length of 16 characters, -s specifies 3 special characters
*vdmz{u(2UF8JVNZ

2. Generate the public and private keys locally

[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:60:67:87:bb:5f:bc:2a:27:14:eb:90:c5:9c:54:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|    o.++e       |
|    . oo+        |
|      + o.       |
|       b.        |
|      o +S.      |
|     o +  o      |
|      + . . .    |
|       + o .     |
|        +.       |
+-----------------+

3. Define the password modification script password.sh. This script is executed on the remote machine; set its permissions to 700. A single script can change the passwords of multiple users; here it sets root and guest. The password here was generated with the password generator tool mkpasswd and needs to be remembered: after the script executes successfully, the accounts on the remote machine will have this password.

#!/bin/bash
# detect the current user is root or not
if [ "$UID" -ne 0 ]; then
    echo "Only root can run this script"
    exit 3
fi

# set the root password to the value generated by mkpasswd
echo "*Vdmz{u(2uF8jvnz" | passwd --stdin root

# change the guest password, creating the account first if it does not exist
if id -u guest >/dev/null 2>&1; then
    echo "Guest is already exist"
    echo "[email protected]:?" | passwd --stdin guest
    echo "Old guest's password changed successful"
else
    useradd guest
    echo "User guest added successful"
    echo "[email protected]:?" | passwd --stdin guest
    echo "Guest's password changed successful"
fi

4. Define the list of machines to be modified iplist.txt, one IP per line

192.168.18.131
192.168.18.132

5. Define scp.exp, the script that enters the password automatically and performs the scp copy. When calling this script, you need to specify two parameters: the source file and the target file. The "redhat" in this script is the original root password of the machines to be modified and can be changed here. All machines to be modified must have the same original root password; otherwise the one-time batch modification cannot be completed.

#!/usr/bin/expect
set timeout 20

if {[llength $argv] < 2} {
    puts "Usage:"
    puts "$argv0 local_file remote_path"
    exit 1
}

set local_file [lindex $argv 0]
set remote_path [lindex $argv 1]
# original root password of the target machines
set passwd redhat
set passwderror 0

spawn scp $local_file $remote_path

expect {
    "*assword:*" {
        # a second password prompt means the first attempt was rejected
        if { $passwderror == 1 } {
            puts "Passwd is error"
            exit 2
        }
        set timeout 1000
        set passwderror 1
        send "$passwd\r"
        exp_continue
    }
    "*es/no)?*" {
        # answer the host key prompt shown on first connection
        send "yes\r"
        exp_continue
    }
    timeout {
        puts "Connect is timeout"
        exit 3
    }
}

6. Provide password modification main program chpass.sh

The main program chpass.sh first uploads the public key id_rsa.pub and the password modification script password.sh to the target server, then executes password.sh and, after execution completes, deletes it.

#!/bin/bash
# change password for production system
# added by sunny 20160112
# mail: [email protected]

# detect the current user is root or not
if [ "$UID" -ne 0 ]; then
    echo "only Root can run this script"
    exit 3
fi

# define an ip address list
IPLIST=/root/iplist.txt

for i in $(cat "$IPLIST")
do
    # upload the public key as root's authorized_keys (replaces any existing file)
    /root/scp.exp /root/.ssh/id_rsa.pub root@$i:/root/.ssh/authorized_keys
    # upload the password script, run it over key-based ssh, then delete it
    /root/scp.exp /root/password.sh root@$i:/root/password.sh
    ssh $i '/root/password.sh && rm -f /root/password.sh'
done

7. Execute the password change script to complete the password modification

Logging is turned on during execution so that the run log can be reviewed afterwards and the modification status compared.

# ./chpass.sh
spawn scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
The authenticity of host '192.168.18.131 (192.168.18.131)' can't be established.
RSA key fingerprint is d6:7b:b0:d8:2b:5f:90:9a:b4:97:c9:1f:dc:f7:44:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.131' (RSA) to the list of known hosts.
[email protected]'s password:
id_rsa.pub                                    100%  396     0.4KB/s   00:00
spawn scp /root/password.sh [email protected]:/root/password.sh
password.sh                                   100%  426     0.4KB/s   00:00
Changing password for user root.
passwd: all authentication tokens updated successfully.
Guest is already exist
Changing password for user guest.
passwd: all authentication tokens updated successfully.
Old guest's password changed successful

8. Check the log, filtering it to check the password change status
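
One way to do the filtering in step 8, as an added example that is not part of the original article: the function below reads a captured run log together with iplist.txt and prints one status line per host. It assumes the run was captured with `./chpass.sh 2>&1 | tee chpass.log`; `check_log`, `sample_log` and the log file name are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: summarise a captured chpass.sh run, one line per host.
# Assumption: the run was logged with  ./chpass.sh 2>&1 | tee chpass.log

# check_log LOG IPLIST [USERS] -> prints "IP OK|FAILED|MISSING detail" per listed IP
check_log() {
    awk -v users="${3:-root guest}" '
        FILENAME == ARGV[1] { if ($1 != "") order[++n] = $1; next }   # iplist.txt
        /^spawn scp / {                  # scp.exp echoes the target as user@IP:path
            if (match($0, /@[0-9.]+:/)) {
                host = substr($0, RSTART + 1, RLENGTH - 2); seen[host] = 1
            }
            next
        }
        /^Changing password for user / { user = $NF; sub(/\.$/, "", user); next }
        /all authentication tokens updated successfully/ {
            if (host != "" && user != "") changed[host] = changed[host] " " user
            user = ""; next
        }
        /Passwd is error|Connect is timeout|Permission denied/ { if (host != "") err[host] = $0 }
        END {
            nu = split(users, u, " ")
            for (i = 1; i <= n; i++) {
                h = order[i]; missing = ""; why = (h in err) ? "; " err[h] : ""
                for (k = 1; k <= nu; k++)
                    if (index(changed[h] " ", " " u[k] " ") == 0) missing = missing " " u[k]
                if (!(h in seen))       print h, "MISSING no log lines for this host"
                else if (missing == "") print h, "OK updated:" changed[h]
                else                    print h, "FAILED not updated:" missing why
            }
        }
    ' "$2" "$1"
}

# Constructed sample log (not real output): .131 succeeds, .132 has a different root password.
sample_log() {
    cat <<'EOF'
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.131:/root/.ssh/authorized_keys
root@192.168.18.131's password:
spawn scp /root/password.sh root@192.168.18.131:/root/password.sh
Changing password for user root.
passwd: all authentication tokens updated successfully.
Changing password for user guest.
passwd: all authentication tokens updated successfully.
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.132:/root/.ssh/authorized_keys
root@192.168.18.132's password:
Passwd is error
EOF
}
```

A host reported as FAILED or MISSING still has its old password, so it needs to be handled separately before the new password is treated as deployed everywhere.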
