blocks|key|506968|text|远程计算机不需要安装expect。您可以在本地工作站或VM+(virtualbox)或任何*nix机器上安装expect，并编写一个调用此.ex+(expect)脚本的包装器(发行版与发行版之间可能有一些小的变化，这在CentOS+5/6上进行了测试)：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|506969|#!/usr/bin/expect+-f
#+wrapper+to+make+passwd(1)+be+non-interactive
#+username+is+passed+as+1st+arg,+passwd+as+2nd

set+username+[lindex+$argv+0]
set+password+[lindex+$argv+1]
set+serverid+[lindex+$argv+2]
set+newpassword+[lindex+$argv+3]

spawn+ssh+$serverid+passwd
expect+"assword:"
send+"$password\r"
expect+"UNIX+password:"
send+"$password\r"
expect+"password:"
send+"$newpassword\r"
expect+"password:"
send+"$newpassword\r"
expect+eof|code-block|syntax|javascript|506970|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

The remote machine(s) do not need expect installed. You can install expect on a local workstation or VM (virtualbox) or whichever *nix box, and write a wrapper that calls this .ex (expect) script (there may be small changes from distro to distro, this tested on CentOS 5/6):

<pre><code>#!/usr/bin/expect -f
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd

set username [lindex $argv 0]
set password [lindex $argv 1]
set serverid [lindex $argv 2]
set newpassword [lindex $argv 3]

spawn ssh $serverid passwd
expect "assword:"
send "$password\r"
expect "UNIX password:"
send "$password\r"
expect "password:"
send "$newpassword\r"
expect "password:"
send "$newpassword\r"
expect eof
</code></pre>

blocks|key|722686|text|您不需要超级用户访问权限即可使用passwd。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|722687|这个应该可以很好的工作。|722688|passwd+<<EOF
old+password
new+password
new+password
EOF|code-block|syntax|javascript|722689|entityMap^0|G|6|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@$9|P|A|Q|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|R|8|@]|D|@]|E|$]]|$1|H|3|I|5|J|7|S|8|@]|D|@]|E|$K|L]]|$1|M|3|-4|5|6|7|T|8|@]|D|@]|E|$]]]|N|$]]

You do not need root access to use <code>passwd</code>.

This shoud work just fine.

<pre><code>passwd &lt;&lt;EOF
old password
new password
new password
EOF
</code></pre>

blocks|key|722778|text|您应该尝试pssh+(同时使用并行ssh+)。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|722779|cat>~/ssh-hosts<<EOF
user100@host-foo
user200@host-bar
user848@host-qux
EOF

pssh+-h+~/pssh-hosts+'printf+"%25s\n"+old_pass+new_pass+new_pass+%7C+passwd'|code-block|syntax|javascript|722780|entityMap|0|LINK|mutability|MUTABLE|url|http://www.theether.org/pssh/^0|5|4|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@$A|R|B|S|1|T]]|C|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|J|$K|$5|L|M|N|C|$O|P]]]]

You should try <a href="http://www.theether.org/pssh/">pssh</a> (parallel ssh at the same time).

<pre><code>cat&gt;~/ssh-hosts&lt;&lt;EOF
user100@host-foo
user200@host-bar
user848@host-qux
EOF

pssh -h ~/pssh-hosts 'printf "%s\n" old_pass new_pass new_pass | passwd'
</code></pre>

blocks|key|723121|text|echo+"name:password"+%7C+chpasswd|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|723122|unstyled|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$B|C]]|$1|D|3|-4|5|E|7|H|8|@]|9|@]|A|$]]]|F|$]]

<pre><code>echo "name:password" | chpasswd
</code></pre>

blocks|key|506630|text|您可能想要向您的同级提出的另一种方案是让他们使用无密码身份验证。他们将生成一个公钥/私钥对，并在他们登录的每台服务器上的~/.ssh/authorized文件中注册他们的公钥。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|506631|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

An alternative you may want to present to your peers would be to have them use password-less authentication. They'd generate a public/private key pair and register their public key in the ~/.ssh/authorized_keys file on each of the servers they log into.

blocks|key|506720|text|你能使用Perl吗？|type|unstyled|depth|inlineStyleRanges|entityRanges|data|506721|Here有一个脚本可以更改一组主机中的密码。|offset|length|506722|如果需要在运行脚本的本地计算机上安装一些Perl模块(Net::OpenSSH::Parallel、Expect及其依赖项)，但不需要在必须更改密码的远程服务器上安装任何模块。|506723|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/salva/p5-Net-OpenSSH-Parallel/blob/master/sample/parallel_passwd.pl|1|http://search.perl.org/perldoc?Net%253a%253aOpenSSH%253a%253aParallel|2|http://search.perl.org/perldoc?Expect^0|0|0|4|0|0|R|M|1|1E|6|2|0^^$0|@$1|2|3|4|5|6|7|T|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|U|8|@]|9|@$D|V|E|W|1|X]]|A|$]]|$1|F|3|G|5|6|7|Y|8|@]|9|@$D|Z|E|10|1|11]|$D|12|E|13|1|14]]|A|$]]|$1|H|3|-4|5|6|7|15|8|@]|9|@]|A|$]]]|I|$J|$5|K|L|M|A|$N|O]]|P|$5|K|L|M|A|$N|Q]]|R|$5|K|L|M|A|$N|S]]]]

Can you use Perl?

<a href="https://github.com/salva/p5-Net-OpenSSH-Parallel/blob/master/sample/parallel_passwd.pl" rel="nofollow">Here</a> there is an script that changes the password in a set of hosts.

If requires some Perl modules (<a href="http://search.perl.org/perldoc?Net%3a%3aOpenSSH%3a%3aParallel" rel="nofollow">Net::OpenSSH::Parallel</a>, <a href="http://search.perl.org/perldoc?Expect" rel="nofollow">Expect</a> and their dependencies) installed on the local machine running the script but nothing on the remote servers where the password has to be changed.

blocks|key|506725|text|你试过App::Unix::RPasswd吗？|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|506726|entityMap|0|LINK|mutability|MUTABLE|url|http://search.cpan.org/dist/App-Unix-RPasswd/lib/App/Unix/RPasswd.pm^0|3|I|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

Have you tried <a href="http://search.cpan.org/dist/App-Unix-RPasswd/lib/App/Unix/RPasswd.pm" rel="nofollow">App::Unix::RPasswd</a>

blocks|key|723177|text|Expect附带的passmass脚本(man+page)不需要在远程机器上安装Expect。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|723178|entityMap|0|LINK|mutability|MUTABLE|url|http://expect.cvs.sourceforge.net/viewvc/expect/expect/example/passmass|1|http://expect.sourceforge.net/example/passmass.man.html^0|9|8|0|K|8|1|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]|$A|R|B|S|1|T]]|C|$]]|$1|D|3|-4|5|6|7|U|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]|L|$5|G|H|I|C|$J|M]]]]

The <a href="http://expect.cvs.sourceforge.net/viewvc/expect/expect/example/passmass" rel="nofollow">passmass</a> script (<a href="http://expect.sourceforge.net/example/passmass.man.html" rel="nofollow">man page</a>) that comes with Expect doesn't require Expect to be installed on the remote machines.

blocks|key|723317|text|我刚刚实现了一个小的tool，可以一次为多个用户/主机更改密码。它是基于java的应用程序，因此它可以在Windows和Linux上运行。它是免费的，请享用:)|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|723318|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/azatsh/ssh-user-password-change/releases/tag/v1.0.0^0|A|4|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

I just implemented a small <a href="https://github.com/azatsh/ssh-user-password-change/releases/tag/v1.0.0" rel="nofollow noreferrer">tool</a> that changes password for many users/hosts at once. It's java based application so it works on both Windows and Linux. It's free, enjoy :)

blocks|key|722916|text|我想我应该把我的解决方案放在答案字段中-不确定这是否应该是问题的一部分。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|722917|好的，我已经使用Dennis的建议组合了一个部分有效的解决方案。|722918|servers.txt看起来像这样：|722919|server1
server2
server3
.
.
.|code-block|syntax|javascript|722920|我正在使用：|722921|for+server+in+`cat+servers.txt`;+do
ssh+$server+-l+user+'passwd+<<EOF
old_pass
new_pass
new_pass
EOF';
done|722922|这会产生以下结果：|722923|user@server1's+password:+**<Type+password+manually>**
(current)+UNIX+password:+New+UNIX+password:+Retype+new+UNIX+password:+Changing+password+for+user+user.
Changing+password+for+user
passwd:+all+authentication+tokens+updated+successfully.
user@server2's+password:+**<Type+password+manually>**
(current)+UNIX+password:+New+UNIX+password:+Retype+new+UNIX+password:+Changing+password+for+user+user.
Changing+password+for+user
passwd:+all+authentication+tokens+updated+successfully.|722924|因此，在这里，我仍然需要为每个服务器键入一次我的旧密码。这种情况可以避免吗？|722925|entityMap^0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|X|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|Y|8|@]|9|@]|A|$]]|$1|F|3|G|5|H|7|Z|8|@]|9|@]|A|$I|J]]|$1|K|3|L|5|6|7|10|8|@]|9|@]|A|$]]|$1|M|3|N|5|H|7|11|8|@]|9|@]|A|$I|J]]|$1|O|3|P|5|6|7|12|8|@]|9|@]|A|$]]|$1|Q|3|R|5|H|7|13|8|@]|9|@]|A|$I|J]]|$1|S|3|T|5|6|7|14|8|@]|9|@]|A|$]]|$1|U|3|-4|5|6|7|15|8|@]|9|@]|A|$]]]|V|$]]

Thought I should put my solution in an answer field - not sure if this should be a part of the question..

OK, I have put together a partially working solution using Dennis' suggestion.

servers.txt looks like:

<pre><code>server1
server2
server3
.
.
.
</code></pre>

I am using:

<pre><code>for server in `cat servers.txt`; do
ssh $server -l user 'passwd &lt;&lt;EOF
old_pass
new_pass
new_pass
EOF';
done
</code></pre>

This produces:

<pre><code>user@server1's password: **&lt;Type password manually&gt;**
(current) UNIX password: New UNIX password: Retype new UNIX password: Changing password for user user.
Changing password for user
passwd: all authentication tokens updated successfully.
user@server2's password: **&lt;Type password manually&gt;**
(current) UNIX password: New UNIX password: Retype new UNIX password: Changing password for user user.
Changing password for user
passwd: all authentication tokens updated successfully.
</code></pre>

So here, I still need to type my old password once for each server. Can this be avoided?

blocks|key|506871|text|如果你有ssh，为什么首先要有密码呢？将用户的公共ssh密钥推送到他们有权使用的所有服务器。这也让您可以轻松地授予和撤销所有您想要的访问权限。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|506872|在以前的$dayjob中，我们有数以万计的服务器，他们有一个数据库，其中的工程师被允许在哪些服务器上，并且ssh密钥的安装是一个自动化的过程。几乎没有人在任何机器上都有密码。|506873|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

If you have ssh, why have passwords in the first place? Push the user's public ssh key to all the servers they're authorized to use and be done with it. This also lets you easily grant and revoke access all you want.

At a previous $dayjob, where we had literally tens of thousands of servers, they had a database of which engineers were allowed on which servers, and the installation of ssh keys was an automated process. Almost NOBODY had a password on ANY machine.

blocks|key|506998|text|echo+-e“wakka2\n+wakka2\n”%7C密码根|type|unstyled|depth|inlineStyleRanges|entityRanges|data|506999|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

echo -e "wakka2\nwakka2\n" | passwd root

blocks|key|723244|text|cat+/tmp/passwords+%7C+ssh+$server+sudo+chpasswd+-e|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|723245|如果密码是加密的，或者|unstyled|723246|cat+/tmp/passwords+%7C+ssh+$server+sudo+chpasswd|723247|如果密码未加密。|723248|/tmp/密码格式应为"user:password“|723249|entityMap^0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$B|C]]|$1|D|3|E|5|F|7|P|8|@]|9|@]|A|$]]|$1|G|3|H|5|6|7|Q|8|@]|9|@]|A|$B|C]]|$1|I|3|J|5|F|7|R|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|S|8|@]|9|@]|A|$]]|$1|M|3|-4|5|F|7|T|8|@]|9|@]|A|$]]]|N|$]]

<pre><code>cat /tmp/passwords | ssh $server sudo chpasswd -e
</code></pre>

if the password is encrypted, or

<pre><code>cat /tmp/passwords | ssh $server sudo chpasswd
</code></pre>

if the password is not encrypted.

/tmp/passwords should have format of "user:password"

blocks|key|723216|text|真正的问题是，为什么他们不使用某种名称服务？NIS/黄页或LDAP，您不必在一堆服务器上手动更改密码。用户只需更改一次密码，即可在整个域主节点上完成此操作。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|723217|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

The real question is why were they not using some sort of name services? NIS/Yellow Pages or LDAP and you're not having to manually change passwords across a bunch of servers. A user changes their password once and it's done across the domain master.

We have a number of Red Hat linux servers in our IT environment. I am being asked by my team members to write a script (preferably shell script) to change a user's password on each one of those in a single go, using SSH.

I have tried to find a solution but many of the scripts I found are using Expect. We do not have Expect installed on our servers and the system admins have refused to let us install it. Also, the users do not have root access so <code>passwd --stdin</code> or <code>chpasswd</code> cannot be used.

Is there any way a script can be written so that a user can run it and change the password of only his own user on all the servers in a list?

Script to change password on linux servers over ssh

身份验证

数据库

服务器

Windows

CentOS

Linux

Perl

我们的IT环境中有许多Red Hat linux服务器。我的团队成员要求我编写一个脚本(最好是shell脚本)，以便使用SSH一次性更改每个用户的密码。我试图找到一个解决方案，但我找到的许多脚本都在使用Expect。我们没有在服务器上安装Expect，系统管理员拒绝让我们安装它。此外，用户没有根用户访问权限，因此不能使用passwd --stdin或chpasswd。有没有办法编写一个脚本，以便用

问通过ssh在linux服务器上更改密码的脚本
EN

回答 14

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问通过ssh在linux服务器上更改密码的脚本EN

回答 14

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问通过ssh在linux服务器上更改密码的脚本
EN