In a shell script with sudo privileges, I'm trying to change another users password.
I tried sudo passwd username but didn't get anywhere.
You need to use the chpasswd command. You can try something like this:
echo "username:password" | sudo chpasswd
I used it many times. It worked for me.
Related
This question already has answers here:
Pass commands as input to another command (su, ssh, sh, etc)
(3 answers)
Closed 1 year ago.
I wrote a short script that would ssh to a bunch of machines on a file called config that would iterate through the machines, ssh through them and create a new user on them. problem is - these commands require sudo privileges, and when I'm trying to execute sudo on them, I get a wrong password error, probably because sudo is not allowed over ssh? I'm not quite sure.
The code is as follows:
#!/bin/bash
read -p "enter remote admin username " adminuser
read -p "choose new username " newuser
read -p "choose new pass " newpass
while read -u10 HOST ; do ssh ${HOST} "uname -a" ;
sudo -S adduser --disabled-password --gecos "" $newuser
sudo -S chpasswd <<<"$newuser:$newpass"
sudo -S chown $newuser /home/$newuser
#sudo -S groupadd group
echo; echo "New user ${newuser} has been created on ${HOST}"
done 10< config.txt
It's worth to note I have set /etc/ssh/sshd_config PermitRootLogin to yes.
While we're at it, is there a way to minimize the amount of times i have to input my admin password? Right now I have to use it when I first ssh into the machine and when I execute a sudo command - so if I have 17 machines that's a minimum of 17 machines. I'd like to minimize that if possible.
Please do not set /etc/ssh/sshd_config PermitRootLogin to yes. No reason to play with fire unless necessary.
On the remote machine, use visudo to define a group like admin that never needs to enter a password in order to use sudo. Here are two lines from my /etc/sudoers file:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) NOPASSWD: ALL
Then add the user id to that Linux user group and the script will run as root without prompts for sudo passwords:
$ usermod -a -G admin my_user_name
I am trying to create a Shell script and (to avoid typing, furthermore ignoring security related issues for now) want to directly pass the password to the "sudo" command, e.g.,
pword="mypassword"
echo $pword | sudo -S whoami
This works just fine. But now when the command itself expects an input, this method seems to fail, e.g.,
echo $pword | sudo -S cat<<<"Hello"
This would lead to an 'incorrect password' error. Currently, my solution is to run a "dummy command" like in example one first, and use the fact that for the second command the system does not prompt for a password again. However, does anyone know a better solution to get it to work?
You can defer the activation of the "here document" (the <<< construct) by doing something like this:
echo $pw | sudo -S sh -c ' cat <<<"Hello" '
A better solution is to use sudo -A instead of sudo -S, after first defining a $SUDO_ASKPASS environment variable to refer to a program that will emit your password. Then you won't have to worry about competing for stdin with the rest of the command line. You should create that askpass program (it can be a shell script) to be readable, writable and executable only by yourself so that your password will be securely hidden inside the program.
The -v flag of sudo is also useful if you have just entered your password for the SSH connection, -v updates the cache and doesn't ask for a password again:
sudo -v -u UserName && bash -c 'cat <<<"Hello"'
I have logged in to a host i.e 10.54.***.*** . Also I have executed a command as bdrun sa -u root but it asks for password to enter. How can I perform it using shell script ?
you can use redirect option to provide a password in run time in a shell script like below ( You might need to add your user account in sodo user config, check with your Unix system admin for detail ):-
echo "yourpassword" | sudo -S ls
So in your case you can use like below:-
echo "yourpassword" | sudo -S bdrun sa
Or if your password is in a file for example pass.txt
cat pass.txt | sudo -S bdrun sa
Hope this will help your. Good Luck!!
I want to execute sudo over ssh on remote servers and supply the password over standard input. The following code is in a shell script on a secured server with restricted access. The password is asked beforehand and the servers use all the same sudo password. The someaction can surely take some seconds to execute.
Here is the shell script extract:
read -s -p "please enter your sudo password" PASSWORD
ssh user#host1 -t "echo '$PASSWORD' | sudo -S someaction"
ssh user#host2 -t "echo '$PASSWORD' | sudo -S someaction"
My question: Is it safe to use echo with a pipe? And are here any security problems that might occur, like logging the echo result on the remote server, etc?
Maybe somebody has a better suggestion?
Note: I know other tools can do this, like ansible etc. I am not looking for another similar tool, just want to know whether using ssh/echo/sudo in the mentioned way is safe.
Yes!
As long as the command is running anybody that can view all processes can view that password, by running ps aux | grep echo:
root [..] zsh -c echo topsecret | sudo -C action
You could configure sudo to not ask the password for a specific task for a user, that would certainly increase security over this solution.
I am attempting to use sudo check to see if the password for the user is set to a standard password.
I have read that you can use the -S option to receive input from stdin
-S The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.
but when i run echo 'password' | sudo -S -u user command
it returns:
Password:
Sorry, try again.
Password:
sudo: 1 incorrect password attempt
Could somebody tell me what is off with this script?
Note: I have tried other methods to check the password but I am having a hard time finding a solution because I do not have: root access, a c compiler, or the availability to install programs like expect
Does your password end in a newline? Try:
printf password
or
echo -n password
Sudo is not expecting the password of the specified user, rather the password of the user calling "sudo":
http://en.wikipedia.org/wiki/Sudo