Unix script to change password

Hello Gurus
I have a little challenge which I do not know how to address. I have a Unix account on many servers (let's say over 25). These accounts expire every 60 days. Are there scripts that I can run from my "local computer" and pass a new password to, where it would change it for me on all servers?

Or maybe an application that I can use on my local machine to do that?!

Thanks.

Try building a script around "expect".

Will this allow me to run Unix commands from my local Windows OS?

Expect is written in Perl, so yes, you should be able to run it on Windows to log in to Unix machines and change the passwords.

Actually, expect is not written in Perl. It is Tcl-based.


I would suggest you migrate to LDAP if possible. This will make your life so much easier and give you more options for managing accounts. If you don't centralize your accounts, you're going to have to customize a solution to update the passwords on each server. This can be done many ways, but I would avoid using an expect script if possible. Most Unix variants these days have command-line ways to update passwords with either clear text or encrypted passwords.

No need to use expect.

First, you need to set up an ssh keyless pass with root on all servers. With that, you needn't provide a password to ssh to other servers.

Second, set your new password on your local server, and get the new Unix keypass from /etc/shadow.

nimo:QKDPc5E$S.:12825:0:90:5:30:13096: 

Run the command (sample only):

for server in $(cat server_list)
do
   # -i.bak must come before -pe; \$ keeps Perl from reading $ in the hash as a variable
   ssh "root@$server" "perl -i.bak -pe 's/^nimo:\\\$SWlkjRWexrXYgc98F/nimo:QKDPc5E\\\$S./' /etc/shadow"
done

Please test it on one server first, then go on to the next servers.

If the Unix keypass includes \ or some other special chars, you may need to add \ before them.

Thanks for all your help.

Here is one I wrote that allows you to enter the user to run as, username and password, then run the command on any files within the "host" files.

If you don't have a Linux box, I would suggest using one of the servers to run the script from. Unless you shared keys, you would have to type the root password for each.

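#!/bin/bash

read -r -p "Username to run command as: " user
read -r -p "Username to change: " resetuser
read -r -s -p "Enter Password : " password
echo
# hash the password locally; the quotes keep spaces and special characters intact
pass=$(perl -e 'print crypt($ARGV[0], "salt")' "$password")

# connect to each host and run the command
for host in $(cat hosts.txt)
do
    # single quotes stop the remote shell from expanding characters in the hash
    ssh -t "$user@$host" "sudo /usr/sbin/usermod -p '$pass' '$resetuser'"
done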

You can remove the sudo portion if you are going to run it as root.
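
Added example, not part of the original thread: a variant of the loops above that hashes the new password locally with SHA-512 and a random salt, then feeds `user:hash` to `chpasswd -e` on each server over ssh's standard input, instead of putting the hash on a command line or editing /etc/shadow with a regex. It assumes Linux servers, key-based ssh, a NOPASSWD sudo rule for chpasswd (or a root login) and OpenSSL 1.1.1 or later locally; the function names and the `SSH` override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: Linux servers with
# chpasswd, key-based ssh, a NOPASSWD sudo rule for chpasswd (or a root
# login), and OpenSSL 1.1.1+ on the local machine for "passwd -6".
SSH=${SSH:-ssh}    # overridable so the loop can be exercised without a network

# Read a password on stdin, print a SHA-512 crypt hash with a random salt.
make_hash() { openssl passwd -6 -stdin; }

# Accept only a well-formed $6$ hash, so nothing else is sent to the servers.
valid_hash() {
    expr "x$1" : 'x\$6\$[A-Za-z0-9./]\{1,16\}\$[A-Za-z0-9./]\{86\}$' >/dev/null
}

# Accept only plain account names: a ':' or newline would forge another record.
valid_user() {
    case $1 in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
}

# push_hash USER HASH HOSTFILE: prints "<host> ok" or "<host> FAILED" per host
# and returns the number of failed hosts (255 if the input was rejected).
push_hash() {
    valid_user "$1" && valid_hash "$2" || return 255
    failed=0
    while read -r host; do
        case $host in '' | '#'*) continue ;; esac
        # The record travels on stdin, so the hash never appears on a command
        # line and no remote shell gets to expand its "$" characters.
        if printf '%s:%s\n' "$1" "$2" |
            "$SSH" -o BatchMode=yes "$host" sudo /usr/sbin/chpasswd -e; then
            echo "$host ok"
        else
            echo "$host FAILED"
            failed=$((failed + 1))
        fi
    done < "$3"
    return "$failed"
}

main() {
    printf 'New password for %s: ' "$1" >&2
    stty -echo; IFS= read -r password; stty echo; echo >&2
    hash=$(printf '%s\n' "$password" | make_hash) || exit 1
    push_hash "$1" "$hash" "$2"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Saved under a name of your choice, it is invoked with the account name and the host list, for example `sh pushpw.sh nimo hosts.txt` (the file name is hypothetical). The exit status is the number of hosts that failed.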