Wednesday, October 19, 2011

Linux Remote Password Changes

1.  For remote password changes, you'll need sudo rights on the remote.

2.  Ensure sudo is configured for remote root commands.

  a. Edit /etc/sudoers with  visudo

  b. comment out the following:

  #Defaults    requiretty
  #Defaults   !visiblepw

3.  Generate a new password for the user using this simple perl thingie:
[doomicon@songohan tools]$ ./ password

# usage: '<password>'
# Generate MD5 encrypt string for remote useradd/usermod
# rowens
#"THE BEER-WARE LICENSE" (Revision 42):
# <> wrote this file.  As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp

use Crypt::PasswdMD5;
my @salt = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );

sub gensalt {
        my $count = shift;
        my $salt;
                for (1..$count) {
                        $salt .= (@salt)[rand @salt];

return $salt;

$encryptpass = unix_md5_crypt( $newpass, gensalt(8) );
printf "$encryptpass\n";

4.  Using the password just generated, we'll use the nifty '-p' option for usermod.

ssh remote_host sudo /usr/sbin/usermod -p '$1$m/Ba1kqd$LXQxR..lqUwgWE5kSPESF0' remoteuser

If you have to change this user on multiple hosts, just loop it.

for host in `grep -v ^127 /etc/hosts | awk '{ print $1 }'`
ssh $host sudo /usr/sbin/usermod -p '$1$m/Ba1kqd$LXQxR..lqUwgWE5kSPESF0' user