1

I'm trying to automate password changes on 36+ servers b/c doing it the manual way is ridiculous and annoying. Basically, I can run a 'grep -ir password' on 1 of my host Linux servers and see how many servers respond to the query. I can then go to each one of them, cd into the proper directories and locations, run an update as ':1+$s1password+newpassword+g ', and then save the update. However, this is very tedious, and I have to multiply it by how many directories responded to the query and then times that by 36+ servers.

So, can someone please assist if you know how to accomplish my inquiry? The only thing I can think of, but I don't know if it's right, would be to do something like this... grep -ir password | vi *directory/file | :1+$s1password+newpassword+g && :wq OR MAYBE, I should be thinking of this as a bash script that needs to be created.

Again, your solutions will be much appreciated, thank you!

Regards,

CG

1
  • Have you tried "passwd -e -n 60 -x 90 -w 10 <userid>" for example? See "man passwd" - it sets the fields in the /etc/shadow file. Try it out on your account. And you should probably set up PAM to enforce strong passwords. Commented Jun 18, 2021 at 18:46

1 Answer

0

There are multiple commands already written to run a command on multiple machines. Investing a small amount of time to get this set up will pay you dividends. Some of the better known ones are Ansible, Chef, Terraform and Puppet.

With these you could deploy a simple script to say /root/pwupdate containing

#!/bin/sh
sed -i 's/old_encrypted_password/new_encrypted_password/' "$@"

mark it executable, and then tell ansible et al to run

EDITOR=/root/pwupdate vipw

Another, more interactive approach would be to use a command like tmux to open up terminals to each of the machines (typically using ssh) and then tell it to run the same command on all the terminals at the same time. I think that this approach is fine for 5 machines, but pushing it for 10 and probably unwieldy for 36. It does however have the advantage that you don't need to set anything up over the stuff I expect you already have.
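
A field-aware variant of the editor-script idea in the answer above, added here as an example and not part of the original answer: crypt(3) hashes contain '$', '/' and '.', which clash with the '/' delimiter and regex matching in a plain sed substitution, and a hash passed as a command argument shows up in the process list. The names set_hash, PW_USER and PW_HASH are hypothetical, and the script assumes the hash lives in a shadow-format file such as the one "vipw -s" hands to $EDITOR.

```shell
#!/bin/sh
# Added example, not from the original answer: an $EDITOR-style helper
# that replaces one account's hash in a shadow-format file.
# Hypothetical names: set_hash, PW_USER, PW_HASH.

# set_hash FILE
#   Replace field 2 (the hash) on PW_USER's line of FILE with PW_HASH.
#   Returns 0 if the line was updated, 1 on bad input, 2 if the user
#   has no entry (FILE is left untouched in both failure cases).
set_hash() {
    file=$1
    [ -n "$PW_USER" ] && [ -n "$PW_HASH" ] && [ -f "$file" ] || return 1
    # A ':' inside the hash would shift every later field of the record.
    case $PW_HASH in *:*) return 1 ;; esac
    # mktemp creates the scratch file with mode 0600; it holds hashes.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Exact string match on field 1, values read from ENVIRON: no regex
    # and no escape processing, so '$', '/' and '.' are taken literally
    # and the hash never appears in any process's argument list.
    PW_USER=$PW_USER PW_HASH=$PW_HASH awk -F: -v OFS=: '
        $1 == ENVIRON["PW_USER"] { $2 = ENVIRON["PW_HASH"]; hit = 1 }
        { print }
        END { exit hit ? 0 : 2 }' "$file" > "$tmp"
    rc=$?
    # Write back in place so FILE keeps its owner and permissions.
    [ "$rc" -eq 0 ] && cat "$tmp" > "$file"
    rm -f "$tmp"
    return "$rc"
}

# When invoked as an editor (vipw passes the file name as $1), apply the
# change and report failure through the exit status.
if [ "$#" -gt 0 ]; then
    set_hash "$1"
    exit $?
fi
```

Saved as /root/pwupdate, it would be run on each host as "PW_USER=... PW_HASH=... EDITOR=/root/pwupdate vipw -s"; a non-zero exit status marks hosts where the account was missing.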
