Tags: change password
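It is common to have many servers whose passwords need to be changed at the same time. Instead of logging in to each one, the expect tool can be used to change the passwords in bulk. Four files are involved: the IP address list (iplist.txt), the remote password-change script (password.sh), the script that supplies the password during the copy (scp.exp), and the main password-change program (chpass.sh). All four files must be placed in /root; if they are placed in another directory, the corresponding paths in the scripts must be changed.
1. Install expect on the machine that runs the scripts. Installing from the rpm package requires the tcl package as a dependency; yum can also be used. Use mkpasswd to generate the passwords. Each run generates one password, and it can be run as many times as needed.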
# mkpasswd -l 16 -s 3    # -l sets the password length to 16, -s sets the number of special characters to 3
*Vdmz{u(2uF8jvnz
2. Generate the public and private key pair locally
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:60:67:87:bb:5f:bc:2a:27:14:eb:90:c5:9c:54:46 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| o.++E |
| . oo+ |
| + o. |
| B. |
| o +S. |
| o + o |
| + . . . |
| + o . |
| +.. |
+-----------------+
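3. Define the password-change script password.sh. This script is executed on the remote machines; set its permissions to 700. One run of the script can change the passwords of several users; here it sets root and guest. The passwords in it were generated with mkpasswd and must be recorded, because once the script has run successfully the accounts on the remote machine are changed to these passwords.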
#!/bin/bash
# detect whether the current user is root or not
if [ "$UID" -ne 0 ]; then
    echo "only root can run this script"
    exit 3
fi
# single quotes keep the shell from expanding special characters in generated passwords
echo '*Vdmz{u(2uF8jvnz' | passwd --stdin root
# test the exit status of id directly: 0 means the guest account exists
if id -u guest >/dev/null 2>&1; then
    echo "guest is already exist"
    echo 'wifxg4hgla9ID@:?' | passwd --stdin guest
    echo "old guest's password changed successful"
else
    # create the account first, then set its password
    useradd guest
    echo "user guest added successful"
    echo 'wifxg4hgla9ID@:?' | passwd --stdin guest
    echo "guest's password changed successful"
fi
4. Define the list of machines to change in iplist.txt, one IP per line
192.168.18.131
192.168.18.132
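5. The script scp.exp enters the password automatically and performs the scp copy. It must be called with two arguments, the source file and the destination. The value redhat in this script is the original root password of the machines being changed and can be edited here. All of the machines must currently share the same root password, otherwise the bulk change cannot be completed in one pass.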
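#!/usr/bin/expect
# give up if no expected prompt appears within 20 seconds
set timeout 20
if {[llength $argv] < 2} {
    puts "Usage:"
    puts "$argv0 local_file remote_path"
    exit 1
}
set local_file [lindex $argv 0]
set remote_path [lindex $argv 1]
# original root password shared by all target machines
set passwd redhat
set passwderror 0
spawn scp $local_file $remote_path
expect {
    "*assword:*" {
        # a second password prompt means the first attempt was rejected
        if { $passwderror == 1 } {
            puts "passwd is error"
            exit 2
        }
        # allow time for the transfer itself once the password has been sent
        set timeout 1000
        set passwderror 1
        send "$passwd\r"
        exp_continue
    }
    "*es/no)?*" {
        # unknown host keys are accepted automatically, without verification
        send "yes\r"
        exp_continue
    }
    timeout {
        puts "connect is timeout"
        exit 3
    }
}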
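6. The main password-change program chpass.sh
The main program chpass.sh first uploads the public key id_rsa.pub and the password-change script password.sh to each target server, then runs password.sh there and deletes it once it has finished.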
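#!/bin/bash
# change password for production system
# added by sunny 20160112
# mail:francis198@163.com
# detect whether the current user is root or not
if [ "$UID" -ne 0 ]; then
    echo "only root can run this script"
    exit 3
fi
# define an ip address list
IPLIST=/root/iplist.txt
for i in $(cat "$IPLIST")
do
    # install the public key; this overwrites any existing authorized_keys on the target
    /root/scp.exp /root/.ssh/id_rsa.pub "root@$i:/root/.ssh/authorized_keys"
    # upload the password-change script
    /root/scp.exp /root/password.sh "root@$i:/root/password.sh"
    # run it over key-based ssh; the script is removed only if it exits successfully
    ssh "$i" '/root/password.sh && rm -f /root/password.sh'
done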
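7. Run the script to carry out the password change
Enable logging during the run so that the execution log can be reviewed afterwards and the change status compared.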
# ./chpass.sh
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.131:/root/.ssh/authorized_keys
The authenticity of host '192.168.18.131 (192.168.18.131)' can't be established.
RSA key fingerprint is d6:7b:b0:d8:2b:5f:90:9a:b4:97:c9:1f:dc:f7:44:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.131' (RSA) to the list of known hosts.
root@192.168.18.131's password:
id_rsa.pub 100% 396 0.4KB/s 00:00
spawn scp /root/password.sh root@192.168.18.131:/root/password.sh
password.sh 100% 426 0.4KB/s 00:00
Changing password for user root.
passwd: all authentication tokens updated successfully.
guest is already exist
Changing password for user guest.
passwd: all authentication tokens updated successfully.
old guest's password changed successful
8. Check the log, filtering it to see the password-change status
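One way to do the filtering in step 8, as an added example that is not part of the original post: an awk filter that groups the log by target host and reports how many passwd updates succeeded. It assumes the output of ./chpass.sh was saved as text; the function names and the sample log are constructed for illustration.

```bash
# Added example: per-host summary of a chpass.sh run log (read from stdin).
# $1 = passwd updates expected per host; 2 here (password.sh sets root and guest).
summarize_chpass_log() {
    awk -v expected="${1:-2}" '
        # scp.exp echoes every spawned command; host sits between "root@" and ":"
        /^spawn scp / {
            if (match($0, /root@[^:]+:/)) {
                host = substr($0, RSTART + 5, RLENGTH - 6)
                if (!(host in seen)) { seen[host] = 1; order[++n] = host }
            }
            next
        }
        host == "" { next }
        /passwd: all authentication tokens updated successfully/ { ok[host]++ }
        /passwd is error/    { err[host] = "bad-old-password" }   # scp.exp exit 2
        /connect is timeout/ { err[host] = "timeout" }            # scp.exp exit 3
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]
                if (err[h] != "")               status = "FAILED(" err[h] ")"
                else if (ok[h] + 0 == expected) status = "OK"
                else                            status = "INCOMPLETE"
                printf "%s updated=%d status=%s\n", h, ok[h] + 0, status
            }
        }'
}

# Constructed sample log: the first host follows the run shown above,
# the second is a made-up failure where the old root password was rejected.
sample_log() {
    cat <<'EOF'
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.131:/root/.ssh/authorized_keys
root@192.168.18.131's password:
spawn scp /root/password.sh root@192.168.18.131:/root/password.sh
Changing password for user root.
passwd: all authentication tokens updated successfully.
guest is already exist
Changing password for user guest.
passwd: all authentication tokens updated successfully.
spawn scp /root/.ssh/id_rsa.pub root@192.168.18.132:/root/.ssh/authorized_keys
root@192.168.18.132's password:
Permission denied, please try again.
root@192.168.18.132's password: passwd is error
EOF
}

sample_log | summarize_chpass_log 2
```

Hosts listed in iplist.txt that never appear in the summary were not reached at all and need to be checked separately.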
Original article: http://francis198.blog.51cto.com/720670/1734901