[Tutorial] Ubuntu: automatically check which accounts use their username as the password, and change those passwords in bulk

Please indicate the source for reprinting: Senior Xiaofeng’s Big Bang Theory [xfxuezhagn.cn]

Table of contents

Background information

Start operation

Change password


Background information

        Some users set their password to be the same as their username, for convenience or because that was the default when the account was first created. This is very unsafe: if such a user also has sudo permissions, the server is effectively a compromised "zombie" host waiting to be taken over. So check which accounts are in this situation.

For automatic revoking of sudo permissions, you can see this: [Tip] Ubuntu temporarily grants the user sudo permissions and automatically revokes them after a certain period of time.

Start operation

        First install the required tools on the machine that will run the script:

sudo apt install expect -y
sudo apt install sshpass -y

        Create the script file:

vim check_user.sh

        Script content (note that SSH_HOST can be changed to other server IPs, so there is no need to copy the script to each server to run):

#!/bin/bash

# Output file
OUTPUT_FILE="successful_ssh_logins.txt"

# Empty the output file
> "$OUTPUT_FILE"

# Defaults: SSH user, host and port
SSH_USER="root"
SSH_HOST="127.0.0.1"
SSH_PORT=22
# Get this machine's public IP address (over HTTPS, because the value is later
# written into the fail2ban configuration on the server)
MY_IP=$(curl -s https://ipinfo.io/ip)
echo "本地IP地址: $MY_IP"

while getopts ":u:h:p:" opt; do
  case $opt in
    u) SSH_USER="$OPTARG" ;;
    h) SSH_HOST="$OPTARG" ;;
    p) SSH_PORT="$OPTARG" ;;
    \?) echo "Invalid option -$OPTARG" >&2 ;;
    :) echo "Option -$OPTARG requires an argument." >&2 ;;
  esac
done


# Temporarily disable command history
original_histfile=$HISTFILE
unset HISTFILE
# Read the password (-s: do not echo it to the terminal)
read -r -s -p "请输入你的SSH密码: " SSHPASS
echo
export SSHPASS


# Log in to the server with sshpass and add this IP to the fail2ban whitelist.
# The -S option makes sudo read the password from standard input, and echo $SSHPASS supplies it.
# Note: $SSHPASS and $MY_IP are expanded locally, so the password is part of the
# command line that runs on the server. Host key checking is switched off in the
# ssh calls, so the password goes to whichever machine answers on $SSH_HOST.
echo "登录$SSH_HOST添加fail2ban白名单"
sshpass -e  ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "
    if grep -q '^ignoreip' /etc/fail2ban/jail.local; then
        echo $SSHPASS | sudo -S sed -i '/^ignoreip =/ s/$/ $MY_IP/' /etc/fail2ban/jail.local;
    elif grep -q '^#ignoreip' /etc/fail2ban/jail.local; then
        echo $SSHPASS | sudo -S sed -i 's/^#ignoreip = 127.0.0.1\\/8 ::1/ignoreip = 127.0.0.1\\/8 ::1 $MY_IP/' /etc/fail2ban/jail.local;
    else
        echo $SSHPASS | sudo -S sh -c \"echo 'ignoreip = 127.0.0.1/8 ::1 $MY_IP' >> /etc/fail2ban/jail.local\";
    fi;
    echo $SSHPASS | sudo -S service fail2ban restart;
"


# Use sshpass to list all users under /home
USERS=$(sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "ls /home")



# Iterate over each user
for cUSER in $USERS; do
  # Print the username currently being tried
  echo ">> [$SSH_HOST]当前尝试登录账户: $cUSER..."
  
  # Use expect to log in over SSH automatically, with the username as the password
  LOGIN_RESULT=$(expect -c "
  spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $cUSER@$SSH_HOST
  expect {
    # Handle the known hosts warning
    \"Are you sure you want to continue connecting (yes/no)?\" {
      send \"yes\r\"
      expect \"password:\"
      send \"$cUSER\r\"
    }
    # Handle the password prompt directly
    \"password:\" {
      send \"$cUSER\r\"
    }
  }
  expect {
    \"Permission denied, please try again.\" { puts \"Failed: $cUSER\" }
    \"$cUSER@\" { puts \"Success: $cUSER\" }
    default {
      puts \"在登录 $cUSER 用户时候遇到了未知错误:\"
      puts \"---\"
      puts \"\$expect_out(buffer)\"
      puts \"---\"
    }
  }
  " 2>/dev/null)


  # Use expect to switch user automatically
  #LOGIN_RESULT=$(expect -c "
  #spawn su - $cUSER
  #expect {
  #  \"Password: \" {
  #    send \"$cUSER\r\"
  #    expect {
  #      \"su: Authentication failure\" { puts \"Failed: $cUSER\" }
  #      \"$USER@\" { puts \"Success: $cUSER\" }
  #      default { puts \"Unknown response for user: $cUSER\" }
  #    }
  #  }
  #}
  #"  2>/dev/null)

  # On success, print a success message and record the username
  #echo "$LOGIN_RESULT"
  if echo "$LOGIN_RESULT" | grep -q "Success"; then
    echo "Login successful for user: $cUSER"
    echo "$cUSER" >> "$OUTPUT_FILE"
  fi
  
done


#echo "登录$SSH_HOST解除fail2ban对本机的ban"
#echo $SSHPASS | sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT $USER@$SSH_HOST "sudo -S fail2ban-client unban $MY_IP"
# Log in to the server with sshpass, remove the whitelist entry and restart the fail2ban service.
# The -S option makes sudo read the password from standard input, and echo $SSHPASS supplies it.
# Note: the sed patterns are not anchored, so they also match the start of a longer address.
echo "登录$SSH_HOST移除fail2ban白名单"
sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "
    if grep -q '^ignoreip' /etc/fail2ban/jail.local; then
        echo $SSHPASS | sudo -S sed -i 's/ $MY_IP//g' /etc/fail2ban/jail.local;
        echo $SSHPASS | sudo -S sed -i 's/$MY_IP //g' /etc/fail2ban/jail.local;
    fi;
    echo $SSHPASS | sudo -S service fail2ban restart;
"

# Remove the SSHPASS variable so that the password does not stay in the environment
unset SSHPASS
# Restore the command history
export HISTFILE=$original_histfile

NUM_SUCCESS=$(wc -l < "$OUTPUT_FILE")
echo "脚本已完成, 共查出[$NUM_SUCCESS]个用户, 请检查输出的结果文件: $OUTPUT_FILE ."
echo "$OUTPUT_FILE 文件中的内容为: "
cat "$OUTPUT_FILE"

        Example runs (the script uses bash features, so run it with bash rather than sh):

bash check_user.sh
bash check_user.sh -p 8022
bash check_user.sh -h xxxxxx
bash check_user.sh -h xxxxxx -p 8022
bash check_user.sh -u root -h xxxxxx -p 8022
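
        In the script above, the address returned by curl is pasted into sed expressions that run under sudo, and the removal pattern 's/ $MY_IP//g' also matches the beginning of a longer address. The following is an added example, not part of the original script: it validates the address first and adds or removes it as a whole token. The function names, the sample file and the 203.0.113.x addresses are made up for the illustration.

```sh
#!/bin/sh
# Added example, not from the original article: edit ignoreip in a fail2ban
# jail.local-style file, with the address validated and matched as a whole token.

# Accept only dotted digits (octet ranges are not checked), so the value can
# never carry shell, sed or awk syntax.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# allow_ip FILE IP: add IP to the ignoreip line once (uncommenting the default
# line if necessary); append a new ignoreip line when the file has none.
allow_ip() {
    valid_ipv4 "$2" || return 2
    awk -v ip="$2" '
        /^#?ignoreip[ \t]*=/ && !seen {
            sub(/^#/, ""); seen = 1; found = 0
            n = split($0, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) if (tok[i] == ip) found = 1
            if (!found) $0 = $0 " " ip
        }
        { print }
        END { if (!seen) print "ignoreip = 127.0.0.1/8 ::1 " ip }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# remove_ip FILE IP: drop exactly that address and keep every other entry.
remove_ip() {
    valid_ipv4 "$2" || return 2
    awk -v ip="$2" '
        /^ignoreip[ \t]*=/ {
            n = split($0, tok, /[ \t]+/); line = tok[1]
            for (i = 2; i <= n; i++) if (tok[i] != ip) line = line " " tok[i]
            $0 = line
        }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample file; the addresses are from the documentation range.
sample_jail() {
    printf '[DEFAULT]\n#ignoreip = 127.0.0.1/8 ::1\nbantime = 10m\n' > "$1"
}

jail=$(mktemp)
sample_jail "$jail"
allow_ip "$jail" 203.0.113.4
allow_ip "$jail" 203.0.113.45
remove_ip "$jail" 203.0.113.4
grep '^ignoreip' "$jail"     # ignoreip = 127.0.0.1/8 ::1 203.0.113.45
rm -f "$jail"
```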

Change password

        The script above produces the list of accounts whose password is the same as the username. Now the passwords of these accounts need to be changed; the modification rule is: "Original password @xxx".

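#!/bin/bash

# File in which the previous script recorded the usernames (on this machine)
OUTPUT_FILE="/path/to/your/output/file"
# Connection settings: the same values that were used for check_user.sh
SSH_USER="root"
SSH_HOST="127.0.0.1"
SSH_PORT=22

# Read the SSH/sudo password without echoing it
read -r -s -p "Enter your SSH password: " SSHPASS
echo
export SSHPASS

# Connect to the remote server over SSH. The first line sent on stdin is the
# sudo password; the rest are "user:new password" lines read by chpasswd
# (used here instead of the interactive passwd).
{
    printf '%s\n' "$SSHPASS"
    while IFS= read -r NAME; do
        # Build the new password and emit the chpasswd record
        printf '%s:%s@xxx\n' "$NAME" "$NAME"
    done < "$OUTPUT_FILE"
} | sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p "$SSH_PORT" "$SSH_USER@$SSH_HOST" "
    if [ \"\$(id -u)\" -eq 0 ]; then
        sed 1d | chpasswd        # already root: discard the password line
    else
        sudo -S -p '' chpasswd   # sudo -S consumes the password line
    fi
"
unset SSHPASS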

Origin blog.csdn.net/sxf1061700625/article/details/133272340