change root password using bash script - bash

SO, when I order a VPS, I get a random password from them which I need to change,
I basically use centos 6 x64
I was thinking to make a bash script which when I run will change the password of the VPS to a default common password which I would like to use with all my VPS.
So, my question - Is it possible?
I am thinking to use this inside the bash .sh script, is my code correct,
#!/bin/bash
passwd
echo jadaruine
If not what should be the code?

You want the chpasswd command:
sudo sh -c 'echo username:password | chpasswd'
You might also want to look at chage for password expiry settings.

You can do the following to change the password on centos
#!/bin/bash
echo "jadaruine" | passwd --stdin user

Related

Pass password to sudo for command that expects input

I am trying to create a Shell script and (to avoid typing, furthermore ignoring security related issues for now) want to directly pass the password to the "sudo" command, e.g.,
pword="mypassword"
echo $pword | sudo -S whoami
This works just fine. But now when the command itself expects an input, this method seems to fail, e.g.,
echo $pword | sudo -S cat<<<"Hello"
This would lead to an 'incorrect password' error. Currently, my solution is to run a "dummy command" like in example one first, and use the fact that for the second command the system does not prompt for a password again. However, does anyone know a better solution to get it to work?
You can defer the activation of the "here document" (the <<< construct) by doing something like this:
echo $pw | sudo -S sh -c ' cat <<<"Hello" '
A better solution is to use sudo -A instead of sudo -S, after first defining a $SUDO_ASKPASS environment variable to refer to a program that will emit your password. Then you won't have to worry about competing for stdin with the rest of the command line. You should create that askpass program (it can be a shell script) to be readable, writable and executable only by yourself so that your password will be securely hidden inside the program.
The -v flag of sudo is also useful if you have just entered your password for the SSH connection, -v updates the cache and doesn't ask for a password again:
sudo -v -u UserName && bash -c 'cat <<<"Hello"'

run a local script as root on remote server [duplicate]

This question already has answers here:
How to use SSH to run a local shell script on a remote machine?
(22 answers)
Closed 5 years ago.
I try to run a local script on multiple remote servers as root. I don't have su to root on those but just can run root commands using sudo. So far I tried:
for host in $(cat hosts_list); do ssh -tt $host "echo mypassword | sudo bash -s" < ./myscript.sh
And in myscript.sh there is something like:
echo "test test123" >> /etc/tests
exit 0
But it looks like not working and won't change the file. What is the proper way to run this script as root and without typing password separately for each host?
Ok, then why do you "echo mypassword" ?
Can't you add your SSH account to the sudoers file with NOPASSWD ?
From man sudoers:
authenticate If set, users must authenticate themselves via a password (or other means
of authentication) before they may run commands. This default may be
overridden via the PASSWD and NOPASSWD tags. This flag is on by default.

Switching users in a shell script

OS: Ubunut 14.04
I have a shell script, and I would like to run a portion of the script as a different user. I tried adding the following to my script:
echo 'user_password' | su user_name
cd ~
ls -l
But I am getting the following message:
su: must be run from a terminal
Any ideas?
Keep in mind that it is a bad security practice to store a user's password in plaintext.
If you really want to read the password from STDIN, you can use the -S option of sudo, which doesn't seem to have a counterpart in the su command.
For a better solution, that doesn't involve storing the password in plaintext, see the answers on this askubuntu thread.

Any security risks with sudo password from standard input over ssh?

I want to execute sudo over ssh on remote servers and supply the password over standard input. The following code is in a shell script on a secured server with restricted access. The password is asked beforehand and the servers use all the same sudo password. The someaction can surely take some seconds to execute.
Here is the shell script extract:
read -s -p "please enter your sudo password" PASSWORD
ssh user#host1 -t "echo '$PASSWORD' | sudo -S someaction"
ssh user#host2 -t "echo '$PASSWORD' | sudo -S someaction"
My question: Is it safe to use echo with a pipe? And are here any security problems that might occur, like logging the echo result on the remote server, etc?
Maybe somebody has a better suggestion?
Note: I know other tools can do this, like ansible etc. I am not looking for another similar tool, just want to know whether using ssh/echo/sudo in the mentioned way is safe.
Yes!
As long as the command is running anybody that can view all processes can view that password, by running ps aux | grep echo:
root [..] zsh -c echo topsecret | sudo -C action
You could configure sudo to not ask the password for a specific task for a user, that would certainly increase security over this solution.

Running interactive Bash commands over ssh

I am trying to automate my server provisioning process using chef. Since I don't want to run chef as root, I need a chef/deployer user. But I don't want to create this user manually. Instead, I want to automate this step. So I took a shot at scripting it but ran into an issue:
The problem is that if I run
>ssh root#123.345.345.567 '/bin/bash -e' < ./add_user.sh
where add_user contains
//..if the username doesnt exist already
adduser $USERNAME --gecos ''
I never see the output or the prompts of the command.
Is there a way to run interactive commands in this way?
Is there a better way to add users in an automated fashion?
Try this:
ssh -t root#<ipaddress> adduser $USERNAME --gecos
Not sure why you have a $ in the IP address in your original example - that's likely to cause ssh to fail to connect, but since you didn't indicate that sort of failure, I'm assuming that's just a typo.
Since add_user.sh is just a simple command, there's no need for the added complexity of explicitly running bash or the redirection, just run the adduser command via ssh.
And lastly, since $USERNAME is likely defined on the local end, and not on the remote end, even if you could get your original command to "do what you said", you'd end up running adduser --gecos on the remote end, which isn't what you intended.
Try using :
ssh -t root#$123.345.345.567 '/bin/bash -e' < ./add_user.sh
instead.

Resources