we have a list of servers and local users in a text file. we need to change these passwords regularly.

cat host.txt
user1@server_test
user2@server_test
usera@server_dev
userb@server_dev
usera1@server_pro
userb1@server_pro

I wrote the following script to change the password

#!/bin/bash
for i in $(cat host.txt);
do
   userid=`echo $i | awk -F"@" '{print $1}'`
   server=`echo $i | awk -F"@" '{print $2}'`
   ssh $server 'echo -e "tempP@ass\ntempP@ass" | sudo passwd `echo $userid`'
done

problem with this script: on remote server value of variable $userid is not visible (i know the reason) what is the best method to pass this value to the remote server?

CodePudding user response：

I'm not certain about your question; it seems you should be concerned about the password being visible to adversaries on the remote, but it seems that your issue is simply the failure of the expansion of $userid. I believe you just want:

#!/bin/bash
while IFS=@ read userid server; do
   ssh "$server" "printf 'tempP@ass\ntempP@ass\n' | sudo passwd $userid"
done < host.txt

As mentioned previously, this is horribly insecure, as the passwords will be visible on the remote. You can mitigate that with:

#!/bin/bash
while IFS=@ read userid server; do
   printf 'tempP@ass\ntempP@ass\n' | ssh "$server" "sudo passwd $userid"
done < host.txt

CodePudding user response：

I would use chpasswd

#!/bin/bash
for i in $(cat host.txt);
do
   userid="`echo $i | awk -F"@" '{print $1}'`"
   server="`echo $i | awk -F"@" '{print $2}'`"
   # ssh root@$server -t "echo $userid:tempP@ass|chpasswd"
   # or as suggested by @chepner
   echo "$userid:tempP@ass" |ssh root@$server -t chpasswd
done

from man 8 chpasswd:

The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format:

user_name:password