linux passwd batch change user password
It is a very important security common sense to change the password of the system regularly. Usually, we use the passwd user command to change the password of the user, but this will enter the interactive mode, even if using a script, it cannot be easily modified in batches, unless using To implement software like expect, do I need to install a separate software package to change the password? No, we actually have many other ways to avoid interaction. Let’s write the specific implementation method:
the first one:
echo "123456" | passwd --stdin root
Advantages: convenient and quick
Disadvantages: If the command you enter can be captured by others through history or other methods, then this method is very insecure, and more importantly, if the password also contains a single quotation marks and double quotation marks, then it cannot be modified by this method.
Description:
Batch change linux passwords passwd --stdin user reads passwords from standard input, so users can use such methods as echo NewPasswd | passwd --stdin username in scripts to change passwords in batches but in some other distributions ( Passwd provided by Debian/Suse does not support the --stdin parameter
The second:
a. First, write the username and password together into a temporary file.
cat chpass.txt
root:123456
zhaohang:123456
b. Use the following command to modify the user password:
chpasswd < chpass.txt
c. You can use 123456 to After logging in to the system, the password is modified.
Advantages: You can quickly and easily modify multiple user passwords
. Disadvantages: The plaintext password is still not safe enough to be written in the file, but it avoids the situation where the first modification method cannot have a special string password.
The third way:
a. Use openssl passwd -1 to generate the user password and write it to the file together with the user name.
cat chpass.txt
root:$1$ri2hceVU$WIf.firUBn97JKswK9ExO0
zhaohang:$1$i/Gou7.v$Bh2K6sXmxV6/UCxJz8N7b . b. Use the following command to modify the user
password:
chpasswd -e < chpass.txt
c. You can use 123456 to log in to the system, and the password is modified . Compared with the greatly enhanced security, additional introduction: The openssl passwd -1 command can output the password in the shadow, and change the secret string generated by this command to the password in your shadow, then the next time you log in to the system, you can use your generated password The password is used to log in. Using this command, even if the password is the same, the password string generated by multiple executions is different. The password corresponding to that hash value is completely random and 28-bit long based on 64-bit character encoding, so it is very difficult to crack it, as long as the account is not created with the hash value of those passwords that have been published, even if these password files are published. relatively safe. Use the old unix hash to get rid of the -1 parameter. [root@WEB01 ~]# openssl passwd -1 Password: 123456 Verifying - Password: 123456 $1$ri2hceVU$WIf.firUBn97JKswK9ExO0
You can also use the following command to generate directly:
[root@WEB01 ~]# openssl passwd -1 123456
[root@WEB01 ~]# openssl passwd -1 -salt "yoctor" 123456
The salt in the above command can enter something by yourself,
because the password ciphertext is encrypted by MD5 when setting the password, and when the hash value is generated, the system adds salt to the ciphertext so that the ciphertext cannot be deciphered in reverse.
When passwd is encrypted, the salt added by the system is the time