Batch change of user passwords in linux

Changing user passwords in batches in linux is an important security knowledge for the system to regularly change passwords. generally, we use commands like passwduser to change passwords, however, this will enter the interactive mode, and even the script cannot be easily modified in batches, unless... changing user passwords in batches in linux is a very important security knowledge for the system to regularly change passwords. generally, we use commands like passwd user to change passwords, however, this will enter the interactive mode, and even using scripts cannot be easily modified in batches. unless it is implemented using software such as reverse CT, do you need to install a separate software package to change the password? No, there are many other ways to avoid interaction. The following describes the specific implementation method: echo "123456" | passwd -- stdin root advantages: convenient and convenient disadvantages: If the commands you enter can be captured by others through history or other methods, this method is not safe. More importantly, if the password contains both single quotes and double quotes, therefore, you cannot modify it in this way. Note: modify the linux password in batches. passwd-stdin user reads the password from the standard input, therefore, you can use the echo NewPasswd | passwd -- stdin username method in the script to change passwords in batches, but in some other releases (such as Debian/Suse) the provided passwd does not support the -- stdin parameter. The second is. first, write the username and password together into a temporary file. cat chpass.txt root: 123456 zhaohang: 123456b. run the following command to modify the user password: chpasswd <chpass.txt c. you can use 123456 to log on to the system. the password has been changed. advantage: you can quickly and conveniently modify passwords for multiple users. disadvantage: writing a plaintext password in a file is still insecure, but this prevents the first method from having a special string password. category 3:. use openssl passwd-1 to generate user passwords. The account name is written into the file together. cat chpass.txt root: $1 $ ri2hceVU $ WIf. firUBn97JKswK9ExO0zhaohang: $1 $ I/Gou7.v $ Bh2K6sXmxV6/UCxJz8N7b. b. run the following command to modify the user password: chpasswd-e <chpass.txt c. you can use 123456 to log on to the system. the password has been changed. advantage: you can quickly and conveniently modify passwords for multiple users. Disadvantages: compared with the above two methods, this greatly enhances security. Additional introduction: the openssl passwd-1 Command can output passwords in shadow, change the secret string generated by this command to the password in your shadow. next time you log on to the system, you can use your password to log on. even if the password is the same, the password strings generated after multiple executions are different. The password corresponding to the hash value is completely random based on the 28-bit length of 64-bit character encoding, so it is very difficult to crack it, as long as you do not use the hash values published by the passwords to create accounts, these password files are still relatively secure even if they are published. The-1 parameter can be removed using the old unix hash. [Root @ WEB01 ~] # Openssl passwd-1 Password: 123456 Verifying-Password: 123456 $1 $ ri2hceVU $ WIf. firUBn97JKswK9ExO0 can also be directly generated using the following command: [root @ WEB01 ~] # Openssl passwd-1 123456 [root @ WEB01 ~] # Openssl passwd-1-salt "yoctor" 123456 the salt in the above command casually enters something, because the password ciphertext is MD5 encrypted when you set the password, when the hash value is generated, the system adds salt to the ciphertext to prevent reverse decryption of the ciphertext. When passwd is encrypted, the salt added by the system is time.