If the OP can't even do an SSH keyswap onto these servers (post #1), chances are they won't be able to install anything else either. As TenTenths says, 600+ isn't unusual, but the OP seems to be a help-vampire, and I'm guessing (based on this and previous posts), that this is a homework question of some sort.

Either way, they have not answered or shown any effort of their own.

1 members found this post helpful.

@TB0ne,Hence the general comment with a few hints thrown in.
OP definitely needs to show some efforts.

1 members found this post helpful.

I use that tool. If the OP doesn't have SSH keys set up, I can't see how it would work.

Expect could easily read hostname and password from a file, connect to each of the hosts, issue commands to collect information, and stash it into a host-specific log file (to be parsed later and stashing information into a database perhaps). It'd take some effort to write the Expect script but doable. Expect/Tcl scripts are sort of fun to write.

And the same script could also install a suitable public key to allow future central management with any of the tools mentioned.

Personally, if I found out someone I hired to be an administrator for 1,000 servers keep root-level user names and passwords in a CLEAR TEXT file, and used an expect script to contact them all, I'd look for another administrator.

One place I saw tried keeping them in a M$ Word file on a Windows server. Any accounts recorded there were cracked immediately. It did not take too long to find the leak, however neither the secretary nor the Windows admin(s) were let go. The latter really needed to go.

Another place I saw actually kept an extensive plain text password file not just on a Windows server but also even in a public web directory on it available for the world to peruse. When a student pointed that out, they sued him for "hacking" and ran a series of smear articles in the local papers maligning him while lying about the infrastructure. The whole staff there really needed to be dismissed, but weren't.

I'll give the OP the benefit of the doubt, for now. Maybe this is a cleanup task. But as mentioned many times by people in this thread, SSH keys or SSH certificates are the way to go and the script's only task should be to deploy them.

I've seen similar things as well. Had this one guy years ago who paid the a__hole tax with us, because he was just plain nasty. Got a new server set up, and everything working, and gave them the speech about keeping passwords to themselves, etc. He yelled his out at the top of his lungs, and said, "You people don't know ****, and I'll do what I want!".

Cue six months later, when someone at his firm got sick of him, logged in as him and PGP encrypted every one of his files, and he wanted us to crack them. Had to explain that a 2048 bit key would take quite some time. Ranting and raving got nothing, as the person who left also encrypted the backup tapes.
I'm betting this is a homework question, personally.