HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Help on Change ROOT password on several servers using script.

 
Mike_305
Super Advisor

Help on Change ROOT password on several servers using script.

Hello,

I need to change ROOT and user password on several servers. Does anyone have any good scripts to do this task?

I have some "sed" commands but did not help me much.

Appreciate your help in advance.

Thanks,

MJ
If there is problem then don't think as problem, think as opportunity.
16 REPLIES
OldSchool
Honored Contributor

Re: Help on Change ROOT password on several servers using script.

see the links here re: sam's useradd

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1297956

otherwise you'll need "expect", Perl's "expect" module, or something similar, as you can't redirect keyboard input to the std. passwd command
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello,

I need to do this on several servers and I have this sed string.

sed -e 's/^root:.*:0:/root:XyrAgtyI,N.uT:0:/' /etc/passwd

I need help on scripting this one using the server list I have. What I am trying to do is put this in FOR loop and change ROOT or any user password on all the servers.

Thanks in advance.

Thanks - MJ
If there is problem then don't think as problem, think as opportunity.
OldSchool
Honored Contributor

Re: Help on Change ROOT password on several servers using script.

well...the sed string shown should indeed change the password for root. unclear as to the meaning of "any user password". All users, any users that aren't locked, or???

how do you intend to access the other servers? remsh, rexec, ssh batch or ???? (ssh batch is preferred) what do you have available to you.

btw: take a look at this thread, as it's in a similar vein:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1331882

Bart Paulusse
Respected Contributor

Re: Help on Change ROOT password on several servers using script.

Hi MJ,

the * in root's password field can mean that user root is locked, but it can also mean you are working on a trusted system with a shadow password file. You must not write directly to /etc/passwd in that case.

Regards,
Bart
Pnaidu
Frequent Advisor

Re: Help on Change ROOT password on several servers using script.

Hi MJ,

if you want to have same password on all the machine.
Download and install expect script on any one of the Servers.
Let me know if you want any help.

http://hpux.connect.org.uk/hppd/hpux/Tcl/expect-5.43/


Cheers!!
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello,

Thanks for the feedback. The password file is different on all the servers and we will access these servers from one location using ssh.

Basically, I have a "for loop" but my problem is not able to put this script format.

Appreciate your help.

Thanks
If there is problem then don't think as problem, think as opportunity.
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello Pnaidu,

Do I install "expect" pkg on one server that I am pushing things and sshing from OR this pkg has to be install on all the servers?

Appreciate your help.

Thanks.
If there is problem then don't think as problem, think as opportunity.
UVK_1
Advisor

Re: Help on Change ROOT password on several servers using script.

MJ,

Is this a one time task ? though I dont have any ready made scripts I am sure you should be a able to figure out a way if you spend enough i am saying this as scripting approch differece from person to person and we need to know what exactly you are trying to do.

If this is gonna be something which u will be doing regualrly I would advice you to use tools like "gpg"

-uvk
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello,

What is "GPG" is that a paid product? Anyway this what I am trying to do.

This is something we have to do every 90 days, part of the security. What I am trying to do is as below. I have the command, I want to copy the password file before the change and then make my change. That way I don't screw things up.

I was thinking using "FOR LOOP" process, something like this and I need suggestion from ITRC GURU's to make this process better. Not sure if this is going to work for me or not but I am trying.

================================
for X in $(cat server.list)
do
ssh ${X} "cp -p /etc/passwd /etc.passwd.${X}.ORIG"
sleep 4
ssh ${X} "sed -e 's/^root:.*:0:/root:hcROzuCGGBmPI,N.uT:0:/' /etc/passwd > /tmp/passwd.${X}.new"
sleep 4
done
====================

>> Verify the password file and then copy back on to each node.

Thanks in advance and appreciate everyone's help.
If there is problem then don't think as problem, think as opportunity.

Re: Help on Change ROOT password on several servers using script.


Not that many changes:
for X in $(< server.list); do
ssh ${X} -n "cp -p /etc/passwd /etc.passwd.${X}.ORIG"
sleep 4 # not sure why you have it?
ssh ${X} -n "sed -e 's/^root:.*:0:/root:hcROzuCGGBmPI,N.uT:0:/' /etc/passwd > /tmp/passwd.${X}.new"
sleep 4
# pwck(1M) here?
# Then mv of /tmp/passwd.${X}.new to /etc/passwd
done

>>> Verify the password file and then copy back on to each node.

Not really sure how to do this. vipw(1m) would do some checks. pwck(1M) may be useful.
Bart Paulusse
Respected Contributor

Re: Help on Change ROOT password on several servers using script.

Hi MJ,

you say want to do this every 90 days as part of security. You may want to rethink this then. You are not using a shadow password file, why not?
User root can log on using ssh and is not restricted to console login only,and you're not using sudo, why not?
These measures will improve your security a lot more then changing the root password 'quick and dirty' directly in the passwd file.

Regards,
Bart
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello,

None of the server you can login as ROOT, its disable, we have to login using our ID and then sudo into the system.

If I can get some help or good idea on what is the best way to improve my 4 lines of script and change the password using ssh function that will be a big help.

Appreciate everyone's help and replies.

Thanks in advance.
If there is problem then don't think as problem, think as opportunity.
OldSchool
Honored Contributor

Re: Help on Change ROOT password on several servers using script.

"None of the server you can login as ROOT, its disable, we have to login using our ID and then sudo into the system"

once you're root, can you ssh into the other systems without a password? As "root"?

If not then you need to sort out connectivity first, as you won't be able to edit /etc/passwd as a normal user
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Hello,

I can always do ssh hostname "command" that works for me, no issue there. I just want to put some intelligence to the script.

No issue on connectivity.

Thanks in advance.

If there is problem then don't think as problem, think as opportunity.

Re: Help on Change ROOT password on several servers using script.

I figured out how to use pwck(1m):
for X in $(< server.list); do
ssh ${X} -n "cp -p /etc/passwd /etc.passwd.${X}.ORIG"
sleep 4 # not sure why you have it?
ssh ${X} -n "sed -e 's/^root:.*:0:/root:hcROzuCGGBmPI,N.uT:0:/' /etc/passwd > /tmp/passwd.${X}.new"
sleep 4
ssh ${X} -n "pwck /tmp/passwd.${X}.new > /tmp/passwd.${X}.pwck 2>&1; if [ -s /tmp/passwd.${X}.pwck ]; then echo pwck errors; cat /tmp/passwd.${X}.pwck; else mv /tmp/passwd.${X}.new /etc/passwd; fi"
done

Note it would be much easier to have ssh invoke a script on the target machine to have all of those commands done locally.
Mike_305
Super Advisor

Re: Help on Change ROOT password on several servers using script.

Thanks for everyone's help.

MJ
If there is problem then don't think as problem, think as opportunity.