- Script to change password on linux servers over ssh
- 17 Answers 17
- How to Change Password in Linux?
- #1. How to Change password as user via SSH?
- #2. How to Change Password as root user?
- #3. How to Manage Force Password Change via SSH?
- That’s all !
- How to Change Linux Account Password Through SSH: A Beginners’ Tutorial
- Step 1. Log on the HOST as USER.
- Step 2. Change the password
- Step3. Exit the SSH session
- Changing a Linux Users Password in One Line Command
- Related Articles
Script to change password on linux servers over ssh
We have a number of Red Hat linux servers in our IT environment. I am being asked by my team members to write a script (preferably shell script) to change a user’s password on each one of those in a single go, using SSH. I have tried to find a solution but many of the scripts I found are using Expect. We do not have Expect installed on our servers and the system admins have refused to let us install it. Also, the users do not have root access so passwd —stdin or chpasswd cannot be used. Is there any way a script can be written so that a user can run it and change the password of only his own user on all the servers in a list?
17 Answers 17
The remote machine(s) do not need expect installed. You can install expect on a local workstation or VM (virtualbox) or whichever *nix box, and write a wrapper that calls this .ex (expect) script (there may be small changes from distro to distro, this tested on CentOS 5/6):
#!/usr/bin/expect -f # wrapper to make passwd(1) be non-interactive # username is passed as 1st arg, passwd as 2nd set username [lindex $argv 0] set password [lindex $argv 1] set serverid [lindex $argv 2] set newpassword [lindex $argv 3] spawn ssh $serverid passwd expect "assword:" send "$password\r" expect "UNIX password:" send "$password\r" expect "password:" send "$newpassword\r" expect "password:" send "$newpassword\r" expect eof Using this code, you would want to make this code something like ./passwdWrapper and then in your bash file add ./passwdWrap $user $password $server $newpassword
If it’s the first time you connect to this server you might be prompted to verify the fingerprint, to get around this update line 10 from spawn ssh $serverid passwd to spawn ssh -o «StrictHostKeyChecking no» $serverid passwd
You do not need root access to use passwd .
This shoud work just fine.
Thank you Dennis, as per your post, passwd works well once the user is logged on the desired server. However, I have a list of servers stored in a file servers.txt and I would like to run a script, provide old password and new password once, and then the script should change my password on all the servers in that list. Any ideas with that?
Thank you Dennis, I have made an edit to my question showing what I have tried. It is still not there yet, but it’s a good start. Thank you.. 🙂
@CristianCiupitu: The questions mentions that passwd —stdin can’t be used because the users don’t have root access. My answer explains that this premise is false; root access is not required.
You should try pssh (parallel ssh at the same time).
You can run this command on any distro like an Android device, a laptop, your desktop. You just need to install it on client side and just have ssh as server side. I see no problem 😉 You can iterate too for simple need with a for loop : for i in foo bar base; do ssh «$i» «command line»; done
If you feel that reply is usefull, you can «upvote» it. If it fits your needs, you should «accept» the reply, that’s how stackoverflow works.
Building on squashbuff’s example, I tried the following, which worked well for me:
#!/bin/bash for server in `cat hostlist`; do echo $server; ssh username@$server 'passwd <<EOF old_password new_password new_password EOF'; done
Security wise, Could be improved to take input without echoing to the screen OR saving the plaintext to disk.
echo "name:password" | chpasswd Another possibility: change it manually on one server. Get the encrypted password out of /etc/shadow. Now, do something like this:
for host in $HOST_LIST; do ssh $host "passwd -p 'encrypted_passwd' user" done Of course, ‘encrypted_passwd» is what you got out of /etc/shadow where you manually changed the password. And $HOST_LIST is a list of hosts where you want the password changed. That could be created simply with:
export HOST_LIST="server1 server2 server15 server67" Or perhaps with a file (as others have suggested):
export HOST_LIST=`cat host_list.txt` Where the file «host_list.txt» has a list of all the systems where you want the password changed.
Edit: if your version of passwd doesn’t support the -p option, you might have the ‘usermod’ program available. The example above remains the same, simply replace ‘passwd’ with ‘usermod’.
Furthermore, you might consider the useful tool pdsh, which would simplify the above example to something like this:
echo $HOST_LIST | pdsh -Rssh -w- "usermod -p 'encrypted_passwd' user" One last «gotcha» to look out for: the encrypted password likely contains the dollar sign character (‘$’) as a field separator. You’ll probably have to escape those in your for loop or pdsh command (i.e. «$» becomes «\$»).
How to Change Password in Linux?
Setting up a strong password is always recommended to manage the security of control panel or any management panel. So, it is important to have a strong password whether you are cPanel user or having multiple cPanel users. Today, in this tutorial we will go through in detail procedure to change password in Linux via SSH.
In the tutorial, we will discuss about the following.
Let us go through the procedure in detail.
#1. How to Change password as user via SSH?
You can easily change the password of your cPanel account if you are having shell access by following the below mentioned steps.
- It will ask you to enter your current password.
- After entering your old or existing password it prompts to enter the New Password and then Confirm it.
It will prints an output as:
[test@server1 ~]$ passwd Changing password for the user “test” … Changing password for “test”. Current UNIX password: New UNIX password: Retype new UNIX password:
*When you are a user with root access, then you did not have to enter your current or old password.
#2. How to Change Password as root user?
As a root user, you have access to manage all the cPanel accounts hosted within your server. So, you can easily change the password of any account.
passwd [username]
*Replace the [username] with the cPanel username of which you want to change the password.
- It will ask you to enter the New Password for the particular user and then Confirm.
- After re-entering the password, you will receive a conformation message.
password updated successfully
#3. How to Manage Force Password Change via SSH?
Sometimes, it is required to forcefully change the password of any user, i.e, you want user to change the password. To do the same, you can simply use the following command.
passwd --expire [username]
*Replace [username] with cPanel username of which you want force password change.
Expiring password for user abc. passwd: Success
On the next login, user will see the following message.
The user must enter their current password and then create a new one to continue.
That’s all !
Hope the article better explains the procedure to change password in Linux via SSH. Do share it with your colleagues if you find it working. Drop your queries if you have and share your suggestions as well. Connect with us on social media pages.
How to Change Linux Account Password Through SSH: A Beginners’ Tutorial
People are sometimes given access to Linux/Unix and asked to change their initial passwords. But for beginners, changing a Linux/Unix password is not an easy task, especially when there is only SSH log on allowed to the Linux/Unix server. This post introduces how to change password of user USER on host HOST remotely using SSH.
Steps are as follows. Note: you will need to replace HOST and USER with the actual username and hostname you are using.
Step 1. Log on the HOST as USER.
On Linux and Mac OS X, open a terminal and run
If it asks whether your are continuing connecting if you do this for the first time, you can enter “yes” to continue.
You will need to enter the password. You can’t see what you have entered here.
Step 2. Change the password
In side of the SSH login, run
Changing password for user USER. Changing password for USER. (current) UNIX password:Enter your old password here. You can’t see what you have entred too.
Enter new password. It will then display
passwd: all authentication tokens updated successfully.passwd: password updated successfully.Step3. Exit the SSH session
You can exit the SSH session by running
Changing a Linux Users Password in One Line Command
I have a group of users that have the same account on a few of my Linux systems. They seem to forget their passwords at least once every two months and like to blame my password complexity rules. I am tasked every so often with changing a users password on multiple systems which really is a pain. Here we will examine a nice way to change a users password with a one line command. We will also talk about how we can do this remotely on multiple servers.
First, let’s look at how we can change a users password in one line using echo and the pipe.
echo -e "'NEWPASS'\n'NEWPASS'" | passwd USERNAME
NOTE: There are doube quotes ( » ) surrounding the passwords, but each password is wrapped in a single quote ( ‘ ) to allow for special characters.
Here we use echo with the “-e” switch. This tell echo to read the “\n” as a newline. Then is is piped into the passwd “USERNAME” command.
We can also use this to change the password on a remote machine with ssh.
ssh [email protected] 'useradd newuser; echo -e "'NEWPASS'\n'NEWPASS'" | passwd USERNAME'
This assumes your allowing ssh from root or a user with elevated privileges, which is not recommended for security reasons.
You can also run this command (or any command) on multiple servers using a loop. So for this example we will say we have several servers named server1 through server8. What I would do is make a text file containing the server names, one per line like so:
server1
server2
server3
server4
server5
server6
server7
server8
Now we can use a for loop to loop through the lines in the file and connect to each machine.
for i in `cat filename.txt`; do ssh $i 'echo -e "'NEWPASS'\n'NEWPASS'" | passwd USERNAME'; done
There are easier ways to accomplish this if your servers are actually named server1 through server8. But in the real world I doubt your servers and named so conveniently.