Script to change password in UNIX

Hi Friends,

Every morning I need to change the password; please advise how it can be automated. I have a pre-planned password list for 4 months which can be used as the input file for new passwords.

Thanks

Not much information to work with... Please read here.

  1. Every morning I have to log in to a user account by ssh and change the password.
  2. I have the full list of passwords that I will be using, already provided to the user for the next 4 months.
  3. I can make a cron job which will run every morning to change the password.
  4. I also want to add that if the password is changed successfully then it should send an e-mail.

One way of doing that which comes to my mind is to use password expire and then use echo to change the password, but it is not working at all....

If you have to do this, which it sounds like is the case, then I suggest you maintain the list of passwords as hashed/encrypted passwords. That's not hard since you are presumably generating them in advance manually. Once you have that you can change them with "usermod". The "-p" flag will let you pass in a hashed password.

Exposing hashed password strings in the process table isn't ideal, but they aren't usable as is. If someone found them out they would still have to crack the password before they could be used.

Check "man usermod" for the gory details.

How about this - Start with a file called pass.plain with 366 daily passwords in it.

Now encrypt the file like this (be sure to store the plain passwords in a secure location)

$ while read pass
do
   openssl passwd "$pass"
done < pass.plain > pass.enc

Now in your cronjob you can use the current year's day number (as returned by date +%j ) to fetch a password and change users account like this:

usermod -p "$(sed -n "$(date +%j)p" /var/lib/pass.enc)" raj && mail -s "User password changed OK" rajjev@company.com <<EOF
    The user password has been changed
EOF

I was having a problem with your program so I am sharing my code. I don't know how to get the test123 password from dateout.txt... Also, I want to send in the e-mail all the outcomes that can happen during the password change, e.g. successfully or permission denied etc.

#!/bin/sh
CWD=/home/raj/Password
cd $CWD
rm result
(grep "`date +"%d-%b"`" file.txt) > /home/raj/Password/dateout.txt
if [ -s /home/home/raj/Password/dateout.txt ] 
then 
passwd --expire raj #EXPIRING THE PASSWORD
echo -e "test123\test123" | (passwd raj) >> /home/raj/Password/out.log #SETTING THE NEW PASSWORD FROM DATEOUT
else
echo "File Empty"
fi
egrep -i '(Permission)|(successfully)' > /home/raj/Password/result
if [ -s /home/raj/Password/result ] 
then
MAILTO="abc@abc.com"
CONTENT="/home/raj/Password/result"
(
echo "Subject: Password Change Status "
echo "MIME-Version: 1.0"
echo "Content-Type: text/html"
echo "Content-Disposition: inline"
cat $CONTENT
) | /usr/sbin/sendmail -t $MAILTO
else
echo "bbb"
fi 

Well, what does dateout look like?

What OS and version are you running? It really might make all the difference here.

Your code contains this:-

echo -e "test123\test123" ........

What do you get if you run this on the command line? I get test123tabest123

I would also be surprised if passwd would let you feed in the new password like this anyway. It is probably designed to stop such things as they are generally considered to be a bad thing.

What do you plan to do with the file /home/home/raj/password/dateout.txt by the way? Rather than write a file and test it, how about:-

pswd_val=`grep "\`date +%d-%b\`" file.txt`
if [ "$pswd_val" != "" ]
then
   passwd --expire raj ........ etc.

Robin

file.txt looks like

cat file.txt
test123 18-Jun
abcd123 19-Jun

dateout looks like

cat dateout
test123 18-Jun

I want to take out test123 from dateout file and use in

echo -e "test123\test123" | (passwd raj)

---------- Post updated at 12:27 PM ---------- Previous update was at 12:22 PM ----------

I am not able to run it; it shows me an error, as I want to use the passwd from dateout.txt...

ver:- 5.1

You didn't specify the format of your password file (file.txt) so I'm guessing it will be like this:

18-Jun my-Secret
19-Jun dAily_user
20-Jun Pass:file

This should get the password out and send it to your passwd command - however on my OS passwd required the --stdin parameter and I still couldn't pipe the output to a file. What OS are you on? I'm sure there is a better way to change passwords on your OS than piping them to the passwd command...

#!/bin/sh
CWD=/home/raj/Password
cd "$CWD" || exit 1
rm -f result
DT=`date +"%d-%b"`
# file.txt lines are "DD-Mon password", so the password starts at column 8
PASS=`grep "^$DT " file.txt | cut -c8-`
if [ -n "$PASS" ]
then
  echo "Todays password is: $PASS"   # debug output: prints the plaintext password
  passwd --expire raj #EXPIRING THE PASSWORD
  printf "%s\n" "$PASS" "$PASS" | (passwd raj) > /home/raj/Password/out.log
else
  echo "No password for $DT"
fi
if egrep -iq '(Permission)|(successfully)' /home/raj/Password/out.log
then
   MAILTO="abc@abc.com"
   CONTENT="/home/raj/Password/out.log"
   (
        echo "To: $MAILTO"   # sendmail -t takes the recipient from the headers
        echo "Subject: Password Change Status "
        echo "MIME-Version: 1.0"
        echo "Content-Type: text/html"
        echo "Content-Disposition: inline"
        echo ""              # blank line ends the headers
        cat "$CONTENT"
   ) | /usr/sbin/sendmail -t
else
  echo "bbb"
fi

Change while read pass into while IFS=$'\t' read -r pass date in his loop. That should be able to read the passwords from your password/date file.

OK, you posted the format of file.txt while I was typing - can you change it to put the date first, as then things are much simpler to get the password out, especially considering that the password could contain space characters.

Thanks Chubler... I am having another issue: I don't have admin rights to use

passwd --expire raj 

Is there any other way to expire the old password or implement it?

My version is uname -a
SunOS 5.10 Generic

I'm guessing you're on Ubuntu 5.1

Does this command work to change the password from the command line:

# usermod -p $(openssl passwd "test123" ) raj

If so you could replace the (passwd raj) line in the script above

usermod -p $(openssl passwd "$PASS" ) raj > /home/raj/Password/out.log 2>&1

---------- Post updated at 03:03 AM ---------- Previous update was at 02:59 AM ----------

OK SunOS, usermod should still work, do you have the openssl command, try:

$ openssl passwd test123

These commands will need to be run as root; you can't change user attributes without root access. You mentioned cron, so again your final script would need to be run as a root cronjob.
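
An added example (not code from any poster in this thread) of the pre-hashed approach suggested in the replies above, using the date-first file layout: it looks up today's entry by exact date, rejects a missing, duplicated or non-hash value, and hands the hash to chpasswd -e on stdin so it never appears in the process table. It assumes a Linux system with the shadow-utils chpasswd command, a root cron job, and a file that stores hashes in place of the plaintext passwords; write_sample, the other function names and the script name rotate.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed file format: "DD-Mon <crypt hash>".

# Constructed sample data (fake hash); the 19-Jun entry is a plaintext
# password left in the hash file by mistake.
write_sample() {
    cat > "$1" <<'EOF'
18-Jun $6$constructedsalt$constructedHashJun18
19-Jun test123
EOF
}

# Succeed only if this is a regular file with no group/other permission bits.
is_private() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1=file $2=DD-Mon. Print the hash for that date; fail if the date is
# missing or duplicated, or if the value does not look like a crypt(3) hash.
hash_for_date() {
    h=$(awk -v d="$2" '$1 == d { n++; v = $2 } END { if (n == 1) print v }' "$1")
    case $h in
        '$'[0-9a-z]*'$'?*) ;;                  # modular crypt: $id$salt$hash
        *) [ "${#h}" -eq 13 ] || return 1      # otherwise 13-char traditional crypt
           case $h in *[!./0-9A-Za-z]*) return 1 ;; esac ;;
    esac
    printf '%s\n' "$h"
}

# $1=user $2=hash. printf is a shell builtin, so the hash goes down a pipe
# to chpasswd's stdin and never appears in another process's argument list.
apply_hash() {
    printf '%s:%s\n' "$1" "$2" | chpasswd -e
}

# $1=user $2=hash file. LC_ALL=C keeps %b in English to match the file.
rotate() {
    is_private "$2" || { echo "refusing: $2 is accessible to group/other" >&2; return 2; }
    h=$(hash_for_date "$2" "$(LC_ALL=C date +%d-%b)") ||
        { echo "no usable hash for today in $2" >&2; return 3; }
    apply_hash "$1" "$h"
}

# Root cron entry (assumed script name): rotate.sh --apply raj /var/lib/pass.enc
if [ "${1:-}" = "--apply" ]; then rotate "$2" "$3"; fi
```

Rejecting the plaintext 19-Jun entry matters because a value that is not a valid hash, once written as the account's password hash, leaves the account unable to log in with any password.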

it does not work

> usermod -p $(openssl passwd "test123" ) raj
Illegal variable name

Sorry try usermod -p `openssl passwd "test123"` raj

This one is working but shows me permission denied. I will ask the admin to run it and advise.

---------- Post updated at 01:52 PM ---------- Previous update was at 01:38 PM ----------

Hi Chubler,

My colleagues also do not have admin/root rights to run openss1 and the line below

printf "%s\n" "$PASS" "$PASS" | (passwd raj) > /home/raj/Password/out.log

as we need to put in the old passwords... but we do have rights to make a cron job... Is there any way we can input the old password also? It will be there in file.txt, e.g. today is 18-Jun, so the old password will be that of 17-Jun.

It is not an administrator command... Also, it is openssl, the letter, not openss1, the number.

...will probably not work because plain passwd is smart enough to demand a terminal on most systems. If you have expect you might be able to kludge something in that language, since it spoofs a terminal.

usermod -p `openssl passwd "liver12#"` raj

shows me permission denied
UX: usermod: ERROR: Permission denied.

Another way of doing it might be getting the old password from file.txt also and using it in the program to change the password. When I try to do it manually it asks for the existing password and twice for the new password.

Does the following work from the command line?

$ printf "%s\n" "oldpass" "newpass" "newpass" | (passwd raj)

If not do you have passwordless ssh access to the server? This could help as we can use the ssh -t option to force a pseudo-tty?

$ ssh -t raj@localhost id