Need help in creating a script which will change password of user on multiple servers

linux_neophyte · 09-05-2013, 02:11 AM

Hi Friends,

Please help me in creating a script which will help in resettting the password of a user on multiple servers.

The account which will be used have a sudo previlages and hence cannot execute the script, as unable to become root by supplying the credentials.

Here is the code which i have done but its not working.

# Password Change Script
echo "Enter User name with Sudo Previleges which will be used to change the passwords on remote Servers"
read ADMIN
echo "Enter Password to connect Sudo Previleges which will be used to change the passwords on remote Servers"
read PASS
echo " "
echo "Enter User name Whose passwords needs to be changed on remote Servers"
read TARGET
echo "Enter NEW password for $TARGET user "
read TARGETPASS

login_id=$ADMIN
host_name=""
file_name="serverlist.txt"

for i in $(cat $file_name);
do
hostname=$(echo $i| cut -f1 -d',')

ssh -t $login_id@$hostname 'echo $PASS | sudo -S |`echo $TARGETPASS | openssl passwd -1 -stdin`' read $TARGET'

done
echo ">>>>>>>>> PASSWORD CHANGED SUCCESSFULLY >>>>>>>>>>"
exit 0
fi

bonnydeal · 09-05-2013, 05:02 AM

Your best bet is to use expect (expect.sourceforge.net).

Expect is a program specifically designed for this type of interaction.

If you run autoexpect and enter all the necessary commands and info to change one password, it will generate a script which you can edit and use for the general case by putting in variables in the appropriate places - e.g. for usernames and passwords.

here is how i would do it:

Code:

% mkdir workspace
% cd workspace
% autoexpect ssh user@hostname

autoexpect will start the ssh session and record all input/output to script.exp. Do all the steps to change password here. Then exit the ssh session. This will create script.exp which you can edit.

NB. you don't need or want the ssh -t option with expect.

Then call your expect script from within your loop, passing it the hostname, username, etc.

Hope this helps.

linux_neophyte · 09-05-2013, 06:12 AM

Thanks @bonnydeal

Will try the except one, but for above passing arguments via ssh can you help me out.

ssh -t user@server 'echo password | sudo -S /usr/sbin/usermod -p `echo ssss | openssl passwd -1 -stdin` 'test''
password of sudo user New password User whose password needs to be changed.

this works with normal command line, but when used in the script above the varibales doesnt seems to be passed correctly and hence password is not changed.

gregoryfenton · 09-05-2013, 12:57 PM

Please see the reply to your other thread at
http://www.linuxquestions.org/questi...85#post5022385
for my reply and explanation there.

bonnydeal · 09-06-2013, 04:48 AM

ssh needs a method of authentication
One way is shared keys.
Another is username/password combination where ssh will prompt you for a password. (there are others but not important here, I think).

In your script you do not supply a password to ssh,
So if you have not set up shared keys your ssh session will not start.

If you do not want to set up shared keys, then using expect is the best way to supply a password.

Hope this helps

jpollard · 09-07-2013, 04:04 AM

Depending on the number of servers (more than 3?) it may be better to go to a centralized password/account management (LDAP).