Change root password remotely

Shell Programming and Scripting
1

Hi All,
Hope you all doing well...!!!
First of all i will like to share few information about my network.
I have a network of 50 solaris servers sample IPs are (10.2.135.1 to 10.2.135.50)..
i have created trust for root user of servers 1(10.2.135.1) in all other servers, that is i have shared the authentic public key between 1 and other 49 servers.
With this i am able to login in other servers using root user without passing the password even.

My problem starts here:-

My aim is to change the root password of all the 49 servers while sitting in server1(10.2.135.1).
please suggest me script which help me in this.

:wall:

2

expect will do what you need.

with expect you can ssh to the remote box, run passwd, enter in the info, confirm it and exit the ssh session.

---------- Post updated at 12:31 PM ---------- Previous update was at 12:21 PM ----------

quick example... this probably wont work.. I did it all off the top of my head.

#!/usr/bin/expect -f

set ipaddress [lindex $argv 0]
set password [lindex $argv 1]

set timeout 10
spawn ssh -o StrictHostKeyChecking=no -o Batchmode=yes root@$ipaddress
expect {
  blah@blah# {
    send "passwd\r"
    expect {
      New Password: {
        send "$passwod\r"
	expect { 
	  Reenter New Password: {
	    send "$password\r
          }
        }
      }
    }
  exp_continue 
  }
  "Password changed." {
   return 0
  }
  timeout {
  return 1
  }
}
expect eof
3

Here is a script that you can use (see attached). You will have to modify it a bit because it is based on a source HP-UX box. But it will push out to most *NIX flavors.

4

I don't know solaris....but, why don't you just copy /etc/passwd (or the shadow file) from 10.2.135.1 to the rest of the servers?

And have all the users change their passwords on 10.2.135.1.

1 Like
5

Hi purdym, i liked your way but what if the file while SCP gets corrputed and the passwd file gets corrupted and then the same replaces the other passwd file of other servers, in that case i will fail to login in any of the servers..
There is a big risk in doing that.