Script to Change Password on Linux Servers Over Ssh

The remote machine(s) do not need expect installed. You can install expect on a local workstation or VM (VirtualBox) or whichever *nix box, and write a wrapper that calls this .ex (expect) script (there may be small changes from distro to distro; this was tested on CentOS 5/6):

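    #!/usr/bin/expect -f
    # Wrapper to make passwd(1) non-interactive over ssh.
    # Arguments: username, current password, server, new password.
    # Note: command-line arguments are visible to other local users via ps(1).

    set username [lindex $argv 0]
    set password [lindex $argv 1]
    set serverid [lindex $argv 2]
    set newpassword [lindex $argv 3]

    # Log in as the given user (the original accepted the username but never used it)
    spawn ssh $username@$serverid passwd
    # ssh login prompt
    expect "assword:"
    send -- "$password\r"
    # passwd asks for the current password
    expect "UNIX password:"
    send -- "$password\r"
    # new password, then its confirmation
    expect "password:"
    send -- "$newpassword\r"
    expect "password:"
    send -- "$newpassword\r"
    expect eof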
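
A hardened variant of the Expect script above, as an added example that is not part of the original answer: it prompts for both passwords with echo off instead of taking them in argv, stops on an unknown host key rather than accepting it, and reports a result per server. The prompt strings follow the script above (password SSH login, CentOS 5/6 passwd prompts); the servers file (one host per line) and the proc names are assumptions.

```expect
#!/usr/bin/expect -f
# Added example, not the original poster's script.
# Read a secret with echo off so it never reaches argv, shell history or ps(1).
proc ask_secret {prompt} {
    set timeout -1
    send_user $prompt
    stty -echo
    expect_user -re "(.*)\n"
    stty echo
    send_user "\n"
    return $expect_out(1,string)
}

# Returns "ok" or a failure reason. Prompt strings are assumptions taken from the script above.
proc change_password {user host old new} {
    set timeout 20
    spawn -noecho ssh $user@$host passwd
    foreach {prompt reply} [list "assword:" $old "UNIX password:" $old \
                                 "password:" $new "password:" $new] {
        expect {
            "(yes/no"           { close; wait; return "unknown host key, verify it first" }
            "Permission denied" { close; wait; return "login rejected" }
            timeout             { close; wait; return "timed out waiting for '$prompt'" }
            eof                 { wait; return "connection closed early" }
            $prompt             { send -- "$reply\r" }
        }
    }
    expect timeout { close; wait; return "timed out waiting for passwd to exit" } eof
    # ssh exits with the remote command's status; passwd returns 0 on success.
    return [expr {[lindex [wait] 3] == 0 ? "ok" : "passwd reported failure"}]
}

if {$argc != 2} { send_user "usage: $argv0 <username> <servers-file>\n"; exit 2 }
set user [lindex $argv 0]
set fp [open [lindex $argv 1] r]
set hosts [split [read $fp] "\n"]
close $fp
set old [ask_secret "Current password: "]
set new [ask_secret "New password: "]
if {$new ne [ask_secret "Retype new password: "]} { send_user "mismatch\n"; exit 2 }
log_user 0
set failed 0
foreach host $hosts {
    if {[set host [string trim $host]] eq ""} continue
    set result [change_password $user $host $old $new]
    send_user "$host: $result\n"
    if {$result ne "ok"} { incr failed }
}
exit [expr {$failed > 0}]
```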

How do I change multiple unix passwords in one script/batch file?

Here is how I automated the process:

  1. Download and install ActiveTCL Community Edition (download the 32-bit version, even if you are on 64-bit Windows, as the 64-bit version does not have "Expect", which is what you need to run the automated script)

  2. Open the tclsh85 executable that was created by the install

  3. Run this command "teacup install Expect" (note, this is case sensitive. You may need to set up special http settings if you receive an error and/or are on vpn or using a proxy)

  4. Download Putty's "plink.exe" and either place it in the bin directory of ActiveTCL (default install directory is "C:\Tcl\bin") or alter your "Path" environment variable to include the path to this executable (wherever you downloaded plink.exe). This is the command-line version of Putty which your script will use.

  5. Anywhere on your drive, create a text file named "servers.txt" with a list of the servers (one per line). They should all share the same password, as the script will log in to all of them with the same password (that you supply), and change the password to the one you supply.

  6. In the same directory as "servers.txt" create a new text file called "ChangePassword.tcl" (or whatever you want to call it, but be sure its file type is "tcl"). Right click the file and edit in notepad (or whatever text editor you prefer) and paste this script in it.

    package require Tk
    package require Expect

    exp_log_user 0
    set exp::nt_debug 1

    # Log in to $host with plink, run passwd, and return the output
    # captured up to the final password prompt.
    proc changepw {host user oldpass newpass} {
        spawn plink $host
        log_user 0
        expect {
            "login as: " { }
        }
        exp_send "$user\r"
        # login password
        expect "sword: "
        exp_send "$oldpass\r"
        # wait for the shell prompt, then start passwd
        expect "\$ "
        exp_send "passwd\r"
        # current password, new password, confirmation
        expect "sword: "
        exp_send "$oldpass\r"
        expect "sword: "
        exp_send "$newpass\r"
        expect "sword: "
        exp_send "$newpass\r"
        set result $expect_out(buffer)
        exp_send "exit\r"
        return $result
    }

    label .userlbl -text "Username:"
    label .oldpasslbl -text "\nOld Password: "
    label .newpasslbl -text "\nNew Password: "

    set username "username"
    entry .username -textvariable username
    set oldpassword "oldpassword"
    entry .oldpassword -textvariable oldpassword
    set newpassword "newpassword"
    entry .newpassword -textvariable newpassword

    # Read servers.txt and change the password on each listed server
    button .button1 -text "Change Password" -command {
        set fp [open "servers.txt" r]
        set file_data [read $fp]
        close $fp
        set data [split $file_data "\n"]
        foreach line $data {
            # skip blank lines (e.g. the trailing newline at end of file)
            set line [string trim $line]
            if {$line eq ""} continue
            .text1 insert end "Changing password for: $line\n"
            set output [changepw $line $username $oldpassword $newpassword]
            .text1 insert end "$output\n\n"
        }
    }

    text .text1 -width 50 -height 30
    pack .userlbl .username .oldpasslbl .oldpassword .newpasslbl .newpassword .button1 .text1

  7. Save the script and then launch the ChangePassword.tcl file.

Here is a picture of what it looks like when you open the ChangePassword.tcl file:
[Screenshot: Change Password TCL program with servers.txt open in the background]

The rest should be self-explanatory. Note the program does not output when your password change was successful, but it will tell you when it fails. Also note, this was my first tcl script (and first time using Expect), so the script is by no means "optimized" and could probably be improved, but it gets the job done. Feel free to edit, or make suggestions/improvements.


