3

I am building a script to fully automate a VPS setup, and I need to change the root password. I would like to avoid typing it as the script is running through SSH.

Is there a way to redirect an arbitrary value to the input of passwd command?

EDIT

I know for passwd < passwd_file.txt containing the password twice... I would like to know if there is a more elegant way as it seems a little bit clumsy to use a temp file for this purpose.

Improve this question
4
  • Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication? Commented Apr 13, 2012 at 18:16
  • I would like to keep a (strong) password to be able to log from another user. Commented Apr 14, 2012 at 5:45
  • expect also works for may things Commented Apr 14, 2012 at 6:06
  • I finally found the solution: see below... Commented Apr 14, 2012 at 6:07

4 Answers 4

Reset to default
6

You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:

 --stdin This option is used to indicate that passwd should read the new password from standard input, which can be a pipe.

So all you have to do is run:

echo 'somepassword' | passwd --stdin

Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:

echo 'someuser:somepassword' | chpasswd

See the man page.

Improve this answer
2
  • I would have been really fond of this option, but it does not exists on Ubuntu... :-( Commented Apr 14, 2012 at 5:47
  • You can use chpasswd. That exists on both Red Hat and Ubuntu. Commented Apr 28, 2012 at 15:33
1

I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.

Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.

The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.

Improve this answer
2
  • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P Commented Apr 13, 2012 at 16:53
  • 1
    @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice. Commented Apr 13, 2012 at 18:15
1

Yes! Found the way. printf saved me:

HOST=... echo "Root password? " && read -r ROOT_PASSWORD ... ssh root@$HOST <<EOF printf "$ROOT_PASSWORD\n$ROOT_PASSWORD\n" | passwd EOF

That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).

Improve this answer
0

You could wrap tmux around passwd:

tmux new-session -ds chpwd passwd tmux send-keys -t chpwd NEWPASSWORD$'\n' tmux send-keys -t chpwd NEWPASSWORD$'\n'

Run as root of course.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.