[olug] remote password changes
webtrekker at cox.net
webtrekker at cox.net
Wed May 31 17:43:56 UTC 2006
Hi Will,
Security isn't a major concern, all of the machines are in an isolated network. Mainly I would like to be able to have a list of servers and reference that list with a script that would then ssh to each in turn and change one users password on each.
I don't relish the idea of spending all day ssh'ing to each machine to do this by hand.
I will be experimenting with your ideas today. Thanks!
---- Will Langford <unfies at gmail.com> wrote:
> not overly secure, but you can either have a sudo account that you log
> into... and have your ssh connection spawn a password change script... ie:
>
> ssh passchangeuser at host password_change.sh targetuser targetpassword
>
> Where password_change.sh is a front end to passwd.
>
> Naturually, if you're concerned about `ps aux` on either server (ppl seeing
> the running processes), you'll need to have some kind of
> encryption+ascii_conversion package for the "targetpassword" parameter
> (rather than passing the plain text). A simple and not so effective example
> would be to pass it through rot13 on both ends.
>
> Another option is to do an scp to passchangeuser's account that puts a file
> (say, that's named targetuser and contains the new password inside) in a
> special directory (/home/passchangeuser/newinfo ?) and a cron task that
> constantly looks for new files in that directory and does the passwd command
> to change things as appropriate. This way the user's password isn't
> transfered plain text and you don't have to worry about `ps aux` people.
>
> No script examples in this email, kinda too busy to actually go about a full
> blown example.
>
> -Will
>
>
> On 5/31/06, webtrekker at cox.net <webtrekker at cox.net > wrote:
> >
> > Hi All,
> >
> > I am trying to write a script that will reference a list of machine names
> > and then connect to each one through ssh to change a users password.
> >
> > SSH can connect to each server without prompting for a password
> > (authorized_keys).
> > I am not a very good script writer, so any help would be greatly
> > appreciated.
> >
> > Thanks,
> > Patrick
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > http://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list