I have systems that are secured with PAM authentication / SSH. When I attempt to run “passwd” commands remotely over SSH, the system does not allow it.
These systems are set up with public key authentication and the NOPASSWD option in /etc/sudoers.
Script 1 – This script runs from a management server. It copies the “local” script out to the servers, executes it with ssh / sudo, then deletes it when complete.
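    #!/bin/bash
    # Runs on the management server: push the local script to each host,
    # run it as root via sudo, then remove it.
    HOSTREAD=$(cat /opt/scripts/hosts.txt)
    USR="forgotten"
    for server in $HOSTREAD; do
        scp /opt/scripts/local-change-passwords.sh "$USR@$server":~
        # Run with bash: the script uses bash features that a plain sh may lack.
        ssh "$USR@$server" 'sudo bash local-change-passwords.sh'
        ssh "$USR@$server" 'rm local-change-passwords.sh'
    done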
Script 2 – This is the local script that is copied out to each server, executed, then removed after the user’s password is changed.
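    #!/bin/bash
    # Runs on each target as root: feed the new password to passwd twice
    # (new password, then confirmation).
    USR="forgotten"
    printf '%s\n%s\n' 'yourspecialpassword' 'yourspecialpassword' | passwd "$USR"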
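A variant of the same rotation that keeps the plaintext password out of any file on the targets, as an added example (not the author's script): it prompts once on the management server and sends a `user:password` record on ssh's stdin to `sudo -n chpasswd`. It assumes `chpasswd` is installed on every target and reuses the page's hosts file, account name and NOPASSWD sudo setup; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: rotate a password over SSH without staging a script remotely.
# Assumptions: chpasswd exists on each target; sudo is NOPASSWD as on the page.
HOSTS_FILE="${HOSTS_FILE:-/opt/scripts/hosts.txt}"
USR="forgotten"
NL='
'

# Emit one host per line, skipping blank lines and '#' comments.
read_hosts() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Build the "user:password" record chpasswd expects. Refuse input that would
# corrupt it: ':' in the user name, a newline anywhere, or an empty value.
build_record() {
    local user="$1" pass="$2"
    case "$user" in ''|*:*|*"$NL"*) return 1 ;; esac
    case "$pass" in ''|*"$NL"*) return 1 ;; esac
    printf '%s:%s\n' "$user" "$pass"
}

# Send the record on stdin so the password never appears in a remote file
# or in a command line that ps could show.
push_password() {
    local host="$1" record="$2"
    printf '%s\n' "$record" | ssh -o BatchMode=yes "$USR@$host" 'sudo -n chpasswd'
}

main() {
    local pass record host failed=0
    read -rs -p "New password for $USR: " pass; echo
    record=$(build_record "$USR" "$pass") || { echo "invalid input" >&2; return 2; }
    for host in $(read_hosts "$HOSTS_FILE"); do
        if push_password "$host" "$record"; then
            echo "OK   $host"
        else
            echo "FAIL $host" >&2; failed=1
        fi
    done
    return "$failed"
}

# Run only when asked, so the functions can be sourced and checked offline.
if [ "${1:-}" = "run" ]; then main; fi
```

Invoke it with the argument `run`; a non-zero exit status means at least one host failed and should be retried.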