Find the answer to your Linux question:
Results 1 to 4 of 4
i need to change the root password on 12 servers. I know this is a small amount and I would have already finished changing the passwords manually in the time ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2011
    Posts
    1

    newbie linux and shell scripts/need to change root password on 12 srv


    i need to change the root password on 12 servers. I know this is a small amount and I would have already finished changing the passwords manually in the time I have spent searching the forums for the answer. But that is no way to learn. Here is my script but I am still being prompted for the root password. And when I do enter the root password at the prompt, the new password doesn't seem to take. Here is my shell script;

    #!/bin/bash
    for x in server1 server2 server3
    do
    echo $x is being fixed
    ssh $x echo "newpassword" | passwd root --stdin
    done

    *The results is

    root-server]#./aala.sh
    server1 is being fixed
    Changing password for user root.
    root-server1's password:

    **I am running RHEL 5.6

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Try putting the whole command in quotes, e.g.:

    Code:
    ssh $x "echo newpassword|passwd root --stdin"

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,345
    That script implies, that it
    a) is called as root
    b) connects as root

    About a) this is unnecessary
    About b) to grant remote root ssh access is discouraged. At least at my workplace it is forbidden by policy for good reasons:
    - It would encourage to write unclean scripts ("doesnt work as a regular user? Ah well, lets just call it as root"
    - If everyone can login as root, then you loose track who was logged in.
    - only one token is needed to be root

    Therefore we login as our regular user (auth key only) and the OPS team members can then escalate to root if neccessary
    That needs three tokens: 1) the private key 2) passphrase to the private key 3) the user password to escalate via sudo


    But I am halfway OT

    For your task I would recommend to look into puppet

    The following snippet would ensure the listed passwordhash on every machine that applies this manifest.
    That manifest is only on one central machine, the puppetmaster.
    If you want to change the root password, then you only change the hash in the manifest and wait until the next puppet tun is applied (30min by default)
    or you can also force a run.

    Before you ask:
    The puppet agents do not save the password hash locally anywhere.
    It would only be in /etc/shadow, where it belongs.

    Code:
    user { 'root':
      ensure     => 'present',
      password   => '$1$SuperSecretHash',
      managehome => 'false',
    }
    Last edited by Irithori; 11-23-2011 at 10:56 PM. Reason: formating
    You must always face the curtain with a bow.

  4. #4
    Linux Enthusiast
    Join Date
    Jul 2005
    Location
    Maryland
    Posts
    522
    This should work
    Code:
    for i in `cat server-list`; 
    	do ssh -t $i "sudo /usr/sbin/usermod -p '`echo new-password | openssl passwd -1 -stdin`' username"; 
    done

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •