1. Introduction to chpasswd command
The chpasswd command is used to change the passwords of multiple users at the same time. It reads username and password combinations from standard input or a specified file and applies them to users in the system. The chpasswd command is usually used to change user passwords in batches, especially in automated scripts or batch tasks. This command requires root account permissions to execute. When using the chpasswd command, you can provide a username and password combination in two ways:
- Reading from standard input: A username and password combination can be passed to the chpasswd command via a pipe or redirection operator. Each username and password combination should occupy one line, with a colon separating the username and password.
- Reading from a file: A username and password combination can be read by specifying a file path as an argument to the chpasswd command. Each username and password combination in the file should occupy one line, with a colon separating the username and password.
2. Example of using chpasswd command
1. Get command help
[root@s152 ~]# chpasswd -h
Usage: chpasswd [options]
Options:
-c, --crypt-method method encryption method (one of NONE DES MD5 SHA256 SHA512)
-e, --encrypted The provided password has been encrypted
-h, --help Display this help message and exit
-m, --md5 Use MD5 algorithm to encrypt plain text password
-R, --root CHROOT_DIR chroot To the directory
-s, --sha-rounds SHA* The number next to SHA in the encryption algorithm
2. Change the password of a single user
[root@s152 ~]# useradd username1
[root@s152 ~]# echo “username1:password1” | chpasswd
3. Modify user passwords in batches from standard input
Enter the chpasswd command and press Enter directly. In the interactive window, enter the user name and password in the following format, and use ctl+D to end the input.
[root@s152 ~]# chpasswd
username1:123456
username2:123456
username3:12345678< /span> Last login: Friday, August 25 15:24:34 CST 2023pts/0
[root@s152 ~]# su - username1 Password: Last login: Friday August 25 15:47:27 CST 2023pts/ 0 on The last failed login: August 25, 2023 15:47:43 CST 2023pts/0 on The last successful login was followed by 1 failure login attempt.
4. Read passwords from files and modify user passwords in batches
Of course, we can also use cat combined with the | pipe character to complete batch user password modifications.
[root@s152 ~]# cat pass.txt
username1:1234567
username2:1234567
username3:12345678
[root@s152 ~]# cat pass.txt | chpasswd
5. Modify user password using password ciphertext
We can use openssl to generate the ciphertext content of the password, write the ciphertext content to a file, and then modify the passwords in batches by using the -e parameter.
[root@s152 ~]# openssl passwd -1 Wuhs@pass
$1$1lP9KfKx$uj1QJqB4EjMXTGN9YOk3G1
[root@s152 ~]# cat pass.txt
username1:$1$1lP9KfKx$uj1QJqB4EjMXTGN9YOk3G1
username2:$1$1lP9KfKx$uj1QJqB4EjMXTGN9YOk3G1
username3:$1$1lP9KfKx$uj1QJqB4EjMXTGN9YOk3G1
>[root@s152 ~]# cat pass.txt |chpasswd -e
[root@s152 ~]# su - username1
上一次登录:五 8月 25 16:12:24 CST 2023pts/0 上
[username1@s152 ~]$ su - username2
密码:
上一次登录:五 8月 25 16:12:46 CST 2023pts/0 上
[username2@s152 ~]$
5. Specify the encryption algorithm to modify the user password
[root@s152 ~]# cat pass2.txt
username1:123456
username2:12345678
username3:12345678
[root@s152 ~]# cat pass2.txt | chpasswd -m
3. Usage syntax and parameter description
1. Use grammar
[root@s152 ~]# chpasswd [options]
2. Parameter description
| parameter | Parameter Description |
|---|---|
| -c, --crypt-method method | Encryption method (one of NONE DES MD5 SHA256 SHA512) |
| -e, --encrypted | The password provided is encrypted |
| -h, --help | Show this help message and exit |
| -m, --md5 | Encrypt plain text password using MD5 algorithm |
| -R, --root CHROOT_DIR | The directory to chroot to |
| -s, --sha-rounds | SHA* The number next to SHA in the encryption algorithm |
4. Chpasswd command usage practice
1. Change the passwords of all ordinary users on the host to random passwords
- Get the list of common users of the host
[root@s152 ~]# grep -A100 "1000" /etc/passwd
wuhs:x:1000:1000::/home/wuhs:/bin/bash
username1:x:1001:1001::/home/username1:/bin/bash
username2:x:1002:1002::/home/username2:/bin/bash
username3:x:1003:1003::/home/username3:/bin/bash
user1:x:1004:1004::/home/user1:/bin/bash
user2:x:1005:1005::/home/user2:/bin/bash
user3:x:1006:1006::/home/user3:/bin/bash
- Intercept username
[root@s152 ~]# grep -A100 "1000" /etc/passwd |awk -F ":" '{print $1}'
wuhs
username1
username2
username3
user1
user2
user3
- Generate random passwords
For host security, we can use the rand command to generate random passwords for each user.
[root@s152 ~]# grep -A100 "1000" /etc/passwd |awk -F ":" '{print $1}'|while read username; do echo "$username:$(openssl rand -base64 12 | tr -d '/+=' | cut -c1-10)"; done
wuhs:5alFTKDlx4
username1:sk6cLRudWd
username2:dmXUNwtbfV
username3:9uSatzk4o5
user1:u7oyTpJNsU
user2:skPUFLSBph
user3:N9H26K9DAn
- Write password file
[root@s152 ~]# grep -A100 "1000" /etc/passwd |awk -F ":" '{print $1}'|while read username; do echo "$username:$(openssl rand -base64 12 | tr -d '/+=' | cut -c1-10)"; done > passwords.txt
- Modify user passwords in batches
[root@s152 ~]# cat passwords.txt | chpasswd
2. Modify the specified passwords for all ordinary users on the host
- Get the user list and generate a ciphertext file with the specified password
[root@s152 ~]# grep -A100 "1000" /etc/passwd |awk -F ":" '{print $1}'|while read username; do echo "$username:`openssl passwd -1 123456`"; done | tee > passwords.txt
[root@s152 ~]# cat passwords.txt
wuhs:$1$btyaR2sN$FveCHL1OmoXlxOchhGfcS0
username1:$1$G91mrc9c$Mk8WfCDlAdkF7rBeVqKRA/
username2:$1$w3fDQoya$IB68pOvfFsF8Q3o9.bl3S/
username3:$1$otFkp13s$XaKllMYpAEw..O86v5mGo.
user1:$1$NwidAVMb$dGtoik4PJveKhaD8ETwv6.
user2:$1$ILVS7XnP$N8LA9lu1UusMqaecEG33Z1
user3:$1$ybXJAUnb$oFLxTE4qi8J7/AuneQQzV0
- Change passwords in batches
[root@s152 ~]# cat passwords.txt |chpasswd -e
[root@s152 ~]# su - wuhs
Last time Login: Friday August 25 16:52:48 CST 2023pts/0 on
[wuhs@s152 ~]$ su - user1
Password:
Last login: August 25, 2020 16:52:55 CST 2023pts/0