Labels

Wednesday, October 19, 2011

Linux Remote Password Changes

1.  For remote password changes, you'll need sudo rights on the remote.

2.  Ensure sudo is configured for remote root commands.

  a. Edit /etc/sudoers with  visudo

  b. comment out the following:

  #Defaults    requiretty
  #Defaults   !visiblepw

3.  Generate a new password for the user using this simple perl thingie:
Example:
[doomicon@songohan tools]$ ./genpass.pl password
$1$m/Ba1kqd$LXQxR..lqUwgWE5kSPESF0

#!/usr/bin/perl
#
# usage:  genpass.pl '<password>'
# Generate MD5 encrypt string for remote useradd/usermod
# rowens
#"THE BEER-WARE LICENSE" (Revision 42):
# <
phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp

use Crypt::PasswdMD5;
my @salt = ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' );


$newpass="$ARGV[0]";
sub gensalt {
        my $count = shift;
        my $salt;
                for (1..$count) {
                        $salt .= (@salt)[rand @salt];
                }

return $salt;
}

$encryptpass = unix_md5_crypt( $newpass, gensalt(8) );
printf "$encryptpass\n";

4.  Using the password just generated, we'll use the nifty '-p' option for usermod.

ssh remote_host sudo /usr/sbin/usermod -p '$1$m/Ba1kqd$LXQxR..lqUwgWE5kSPESF0' remoteuser

If you have to change this user on multiple hosts, just loop it.

for host in `grep -v ^127 /etc/hosts | awk '{ print $1 }'`
do
ssh $host sudo /usr/sbin/usermod -p '$1$m/Ba1kqd$LXQxR..lqUwgWE5kSPESF0' user
done

Fin

No comments:

Post a Comment