The user exists on the system. I did what you said and then it asks for root's password (as I said before). This is not a solution for my script. I connected to the remote server as user1@ip_address1 by key authentication without entering any password. What I want to do is connect to the remote server as the determined user (the user whose password will be changed), then become root with sudo su -, and finally use passwd to change the related user's password on all servers listed in the txt file, respectively.
PS: It is not allowed to change PermitRootLogin to yes; again, I said it before.
Do you realize that if you have all the users' credentials, there is no security?
Do you realize that if ANY USER on the server can use "sudo su -", then there is NO SECURITY?
Root doesn't have to login. YOU DO.
sudo should be configured to ONLY ALLOW YOU (or other admins) to use "su -".
You cannot login as the user (which $uservar is) and then use sudo su - (if you can, as I said, you have NO SECURITY).
All I can say is that the commands I gave work here.
And you still have a problem with having collected all the keys from your admins - they can trivially delete them without even trying hard. After all, the accounts own the list of keys, and they own the directory the file is in.
I could see using "ssh youraccount@host ..." and not using the user's account. That way you aren't depending on the user to be "nice".
With all the complexity it seems your site would do better to use Kerberos for user authentication. That would eliminate having to distribute passwords in an inherently less secure way as there are no passwords used for user authentication, and a centralized password control... But that would depend on how many systems you have. If only 4, it could be considered a bit of overkill, but could also be used as a "future expansion planning" feature.
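The reply's point that sudo should let only admin accounts run "su -" can be checked mechanically. The script below is an added example, not part of the original posts: it flags sudoers rules that grant `ALL` or `su` as root to anyone outside an admin allowlist. The function name `audit_sudoers`, the sample rules and the allowlist `root,%wheel` are assumptions, and the parser covers only a simplified single-line rule grammar.

```bash
#!/usr/bin/env bash
# Added example: flag sudoers rules that let a non-admin principal become root.
# Simplified grammar (assumption): one principal per rule, aliases not expanded,
# no line continuations, no included files.

# Constructed sample rules, not taken from the thread.
SAMPLE_SUDOERS='# sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
ALL     ALL=(ALL) NOPASSWD: /bin/su -
user1   ALL=(root) /usr/bin/passwd user1, /bin/su
deploy  ALL=(www-data) ALL
backup  ALL=(ALL) ALL, !/bin/su'

# audit_sudoers ADMINS  (rules on stdin); ADMINS is a comma-separated allowlist.
audit_sudoers() {
  awk -v admins="$1" '
    BEGIN { n = split(admins, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings, alias definitions
    {
      eq = index($0, "="); if (eq == 0) next
      who = $1; if (who in ok) next               # admins are expected here
      cmds = substr($0, eq + 1)
      runas = "root"                              # sudo default when omitted
      if (match(cmds, /^[ \t]*\([^)]*\)/)) {
        runas = substr(cmds, RSTART, RLENGTH)
        cmds = substr(cmds, RSTART + RLENGTH)
      }
      if (runas !~ /ALL|root/) next               # rule cannot reach root
      gsub(/[A-Z_]+:/, "", cmds)                  # drop tags such as NOPASSWD:
      m = split(cmds, c, ",")
      for (i = 1; i <= m; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", c[i])
        split(c[i], w, /[ \t]+/)
        if (w[1] ~ /^!/) continue                 # negation grants nothing
        if (w[1] == "ALL" || w[1] ~ /\/su$/)
          printf "line %d: %s can become root via %s\n", NR, who, c[i]
      }
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers 'root,%wheel'
```

The `backup` rule is still reported: a blanket `ALL` followed by `!/bin/su` leaves every other route to a root shell open.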
We decided to set up Kerberos on the servers, too. Thank you for your help.