Change password in headless mode












2














I am building a script to fully automate a VPS setup, and I need to change the root password. I would like to avoid typing it as the script is running through SSH.



Is there a way to redirect an arbitrary value to the input of passwd command?



EDIT



I know for passwd < passwd_file.txt containing the password twice... I would like to know if there is a more elegant way as it seems a little bit clumsy to use a temp file for this purpose.






shell ubuntu io-redirection password







share|improve this question
























  • Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
    – Zoredache
    Apr 13 '12 at 18:16












  • I would like to keep a (strong) password to be able to log from another user.
    – Mike Aski
    Apr 14 '12 at 5:45










  • expect also works for may things
    – RobotHumans
    Apr 14 '12 at 6:06










  • I finally found the solution: see below...
    – Mike Aski
    Apr 14 '12 at 6:07
















2














I am building a script to fully automate a VPS setup, and I need to change the root password. I would like to avoid typing it as the script is running through SSH.



Is there a way to redirect an arbitrary value to the input of passwd command?



EDIT



I know for passwd < passwd_file.txt containing the password twice... I would like to know if there is a more elegant way as it seems a little bit clumsy to use a temp file for this purpose.






shell ubuntu io-redirection password







share|improve this question
























  • Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
    – Zoredache
    Apr 13 '12 at 18:16












  • I would like to keep a (strong) password to be able to log from another user.
    – Mike Aski
    Apr 14 '12 at 5:45










  • expect also works for may things
    – RobotHumans
    Apr 14 '12 at 6:06










  • I finally found the solution: see below...
    – Mike Aski
    Apr 14 '12 at 6:07














2












2








2


0





I am building a script to fully automate a VPS setup, and I need to change the root password. I would like to avoid typing it as the script is running through SSH.



Is there a way to redirect an arbitrary value to the input of passwd command?



EDIT



I know for passwd < passwd_file.txt containing the password twice... I would like to know if there is a more elegant way as it seems a little bit clumsy to use a temp file for this purpose.






shell ubuntu io-redirection password







share|improve this question















I am building a script to fully automate a VPS setup, and I need to change the root password. I would like to avoid typing it as the script is running through SSH.



Is there a way to redirect an arbitrary value to the input of passwd command?



EDIT



I know for passwd < passwd_file.txt containing the password twice... I would like to know if there is a more elegant way as it seems a little bit clumsy to use a temp file for this purpose.






shell ubuntu io-redirection password




shell ubuntu io-redirection password






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 28 '12 at 16:12









Caleb

50.3k9146191




50.3k9146191










asked Apr 13 '12 at 16:46









Mike Aski

12318




12318












  • Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
    – Zoredache
    Apr 13 '12 at 18:16












  • I would like to keep a (strong) password to be able to log from another user.
    – Mike Aski
    Apr 14 '12 at 5:45










  • expect also works for may things
    – RobotHumans
    Apr 14 '12 at 6:06










  • I finally found the solution: see below...
    – Mike Aski
    Apr 14 '12 at 6:07


















  • Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
    – Zoredache
    Apr 13 '12 at 18:16












  • I would like to keep a (strong) password to be able to log from another user.
    – Mike Aski
    Apr 14 '12 at 5:45










  • expect also works for may things
    – RobotHumans
    Apr 14 '12 at 6:06










  • I finally found the solution: see below...
    – Mike Aski
    Apr 14 '12 at 6:07
















Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
– Zoredache
Apr 13 '12 at 18:16






Why not just set a disabled password usermod -p '*' root, and setup SSH key-based authentication?
– Zoredache
Apr 13 '12 at 18:16














I would like to keep a (strong) password to be able to log from another user.
– Mike Aski
Apr 14 '12 at 5:45




I would like to keep a (strong) password to be able to log from another user.
– Mike Aski
Apr 14 '12 at 5:45












expect also works for may things
– RobotHumans
Apr 14 '12 at 6:06




expect also works for may things
– RobotHumans
Apr 14 '12 at 6:06












I finally found the solution: see below...
– Mike Aski
Apr 14 '12 at 6:07




I finally found the solution: see below...
– Mike Aski
Apr 14 '12 at 6:07










4 Answers
4






active

oldest

votes


















4














You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:



   --stdin

          This option is used to indicate that passwd should read the  new

          password from standard input, which can be a pipe.


So all you have to do is run:



echo 'somepassword' | passwd --stdin


Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:



echo 'someuser:somepassword' | chpasswd


See the man page.






share|improve this answer























  • I would have been really fond of this option, but it does not exists on Ubuntu... :-(
    – Mike Aski
    Apr 14 '12 at 5:47










  • You can use chpasswd. That exists on both Red Hat and Ubuntu.
    – MadScientist
    Apr 28 '12 at 15:33



















1














I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.



Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.



The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.






share|improve this answer





















  • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
    – Mike Aski
    Apr 13 '12 at 16:53








  • 1




    @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
    – Zoredache
    Apr 13 '12 at 18:15



















1














Yes! Found the way. printf saved me:



HOST=...

echo "Root password? " && read -r ROOT_PASSWORD

...

ssh root@$HOST <<EOF

    printf "$ROOT_PASSWORDn$ROOT_PASSWORDn" | passwd

EOF


That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).






share|improve this answer





























    0














    You could wrap tmux around passwd:



    tmux new-session -ds chpwd passwd
    
tmux send-keys -t chpwd NEWPASSWORD$'n'
    
tmux send-keys -t chpwd NEWPASSWORD$'n'


    Run as root of course.






    share|improve this answer





















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f36378%2fchange-password-in-headless-mode%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      4














      You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:



         --stdin
      
          This option is used to indicate that passwd should read the  new
      
          password from standard input, which can be a pipe.


      So all you have to do is run:



      echo 'somepassword' | passwd --stdin


      Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:



      echo 'someuser:somepassword' | chpasswd


      See the man page.






      share|improve this answer























      • I would have been really fond of this option, but it does not exists on Ubuntu... :-(
        – Mike Aski
        Apr 14 '12 at 5:47










      • You can use chpasswd. That exists on both Red Hat and Ubuntu.
        – MadScientist
        Apr 28 '12 at 15:33
















      4














      You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:



         --stdin
      
          This option is used to indicate that passwd should read the  new
      
          password from standard input, which can be a pipe.


      So all you have to do is run:



      echo 'somepassword' | passwd --stdin


      Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:



      echo 'someuser:somepassword' | chpasswd


      See the man page.






      share|improve this answer























      • I would have been really fond of this option, but it does not exists on Ubuntu... :-(
        – Mike Aski
        Apr 14 '12 at 5:47










      • You can use chpasswd. That exists on both Red Hat and Ubuntu.
        – MadScientist
        Apr 28 '12 at 15:33














      4












      4








      4






      You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:



         --stdin
      
          This option is used to indicate that passwd should read the  new
      
          password from standard input, which can be a pipe.


      So all you have to do is run:



      echo 'somepassword' | passwd --stdin


      Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:



      echo 'someuser:somepassword' | chpasswd


      See the man page.






      share|improve this answer














      You don't say what version of UNIX you're using, but on Linux the passwd(1) man page shows:



         --stdin
      
          This option is used to indicate that passwd should read the  new
      
          password from standard input, which can be a pipe.


      So all you have to do is run:



      echo 'somepassword' | passwd --stdin


      Edit to add: more portable is chpasswd which exists on (at least) both Red Hat and Ubuntu:



      echo 'someuser:somepassword' | chpasswd


      See the man page.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Apr 28 '12 at 15:35

























      answered Apr 13 '12 at 19:32









      MadScientist

      1,92811316




      1,92811316












      • I would have been really fond of this option, but it does not exists on Ubuntu... :-(
        – Mike Aski
        Apr 14 '12 at 5:47










      • You can use chpasswd. That exists on both Red Hat and Ubuntu.
        – MadScientist
        Apr 28 '12 at 15:33


















      • I would have been really fond of this option, but it does not exists on Ubuntu... :-(
        – Mike Aski
        Apr 14 '12 at 5:47










      • You can use chpasswd. That exists on both Red Hat and Ubuntu.
        – MadScientist
        Apr 28 '12 at 15:33
















      I would have been really fond of this option, but it does not exists on Ubuntu... :-(
      – Mike Aski
      Apr 14 '12 at 5:47




      I would have been really fond of this option, but it does not exists on Ubuntu... :-(
      – Mike Aski
      Apr 14 '12 at 5:47












      You can use chpasswd. That exists on both Red Hat and Ubuntu.
      – MadScientist
      Apr 28 '12 at 15:33




      You can use chpasswd. That exists on both Red Hat and Ubuntu.
      – MadScientist
      Apr 28 '12 at 15:33













      1














      I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.



      Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.



      The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.






      share|improve this answer





















      • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
        – Mike Aski
        Apr 13 '12 at 16:53








      • 1




        @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
        – Zoredache
        Apr 13 '12 at 18:15
















      1














      I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.



      Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.



      The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.






      share|improve this answer





















      • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
        – Mike Aski
        Apr 13 '12 at 16:53








      • 1




        @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
        – Zoredache
        Apr 13 '12 at 18:15














      1












      1








      1






      I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.



      Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.



      The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.






      share|improve this answer












      I think you'll have a tough time doing what you want. The passwd command goes to great lengths to avoid just the situation you describe, so as to hinder any password guessing schemes, and circumvent a lot of potential security problems.



      Can you use the useradd command? Typical linux useradd has a "-p" or "--password" option that lets you set the encrypted password to some value. You can get that encrypted password out of the file /etc/shadow.



      The other option is to monkey with the file /etc/shadow. It shouldn't be too hard to used sed or something to change the salted, encrypted root password.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Apr 13 '12 at 16:52









      Bruce Ediger

      34.7k566119




      34.7k566119












      • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
        – Mike Aski
        Apr 13 '12 at 16:53








      • 1




        @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
        – Zoredache
        Apr 13 '12 at 18:15


















      • First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
        – Mike Aski
        Apr 13 '12 at 16:53








      • 1




        @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
        – Zoredache
        Apr 13 '12 at 18:15
















      First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
      – Mike Aski
      Apr 13 '12 at 16:53






      First, thanks for your quick reply. But useradd is not recommended, man pages says I should prefer adduser... And second option is yet worst than mine... ;-P
      – Mike Aski
      Apr 13 '12 at 16:53






      1




      1




      @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
      – Zoredache
      Apr 13 '12 at 18:15




      @MikeAski, On many systems adduser is simply a front-end to useradd. For general interactive usage, the adduser command is preferred since it usually has a number of useful defaults. From a script useradd, or in this case usermod is potentially a valid choice.
      – Zoredache
      Apr 13 '12 at 18:15











      1














      Yes! Found the way. printf saved me:



      HOST=...
      
echo "Root password? " && read -r ROOT_PASSWORD
      
...
      
ssh root@$HOST <<EOF
      
    printf "$ROOT_PASSWORDn$ROOT_PASSWORDn" | passwd
      
EOF


      That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).






      share|improve this answer


























        1














        Yes! Found the way. printf saved me:



        HOST=...
        
echo "Root password? " && read -r ROOT_PASSWORD
        
...
        
ssh root@$HOST <<EOF
        
    printf "$ROOT_PASSWORDn$ROOT_PASSWORDn" | passwd
        
EOF


        That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).






        share|improve this answer
























          1












          1








          1






          Yes! Found the way. printf saved me:



          HOST=...
          
echo "Root password? " && read -r ROOT_PASSWORD
          
...
          
ssh root@$HOST <<EOF
          
    printf "$ROOT_PASSWORDn$ROOT_PASSWORDn" | passwd
          
EOF


          That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).






          share|improve this answer












          Yes! Found the way. printf saved me:



          HOST=...
          
echo "Root password? " && read -r ROOT_PASSWORD
          
...
          
ssh root@$HOST <<EOF
          
    printf "$ROOT_PASSWORDn$ROOT_PASSWORDn" | passwd
          
EOF


          That is to me the best way out: clean & perfectly secure as password never get on local nether remote host in clear (through ssh connection only).







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 14 '12 at 6:06









          Mike Aski

          12318




          12318























              0














              You could wrap tmux around passwd:



              tmux new-session -ds chpwd passwd
              
tmux send-keys -t chpwd NEWPASSWORD$'n'
              
tmux send-keys -t chpwd NEWPASSWORD$'n'


              Run as root of course.






              share|improve this answer


























                0














                You could wrap tmux around passwd:



                tmux new-session -ds chpwd passwd
                
tmux send-keys -t chpwd NEWPASSWORD$'n'
                
tmux send-keys -t chpwd NEWPASSWORD$'n'


                Run as root of course.






                share|improve this answer
























                  0












                  0








                  0






                  You could wrap tmux around passwd:



                  tmux new-session -ds chpwd passwd
                  
tmux send-keys -t chpwd NEWPASSWORD$'n'
                  
tmux send-keys -t chpwd NEWPASSWORD$'n'


                  Run as root of course.






                  share|improve this answer












                  You could wrap tmux around passwd:



                  tmux new-session -ds chpwd passwd
                  
tmux send-keys -t chpwd NEWPASSWORD$'n'
                  
tmux send-keys -t chpwd NEWPASSWORD$'n'


                  Run as root of course.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Apr 13 '12 at 17:25









                  Thor

                  11.6k13358




                  11.6k13358






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f36378%2fchange-password-in-headless-mode%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      List directoties down one level, excluding some named directories and files

                      Image
                      1 I want to send a list of all folders including one level down to a txt file. Excluding some named folders and no files. Imagine a folder structure like this. CAPS are folders. FOLDER 1 .hidden TEMP somefile ========= ========= FOLDER 2 .hidden TEMP DATA1 DATA2 somefile ======== ======== FOLDER 3 .hidden TEMP DATA1 somefile I would like to run "insert magic command here" and end up with an output that looks like below FOLDER 1 FOLDER 2 DATA1 DATA2 FOLDER 3 DATA1 bash shell-script share | improve this question edited Dec 16 at 4:15 Rui F Ribeiro ...
                      Read more

                      Województwo

                      Image
                      Podział administracyjny Polski (stan na 1 stycznia 2010) Województwo – jednostka podziału administracyjnego najwyższego stopnia w Polsce, od 1990 r. jednostka zasadniczego podziału terytorialnego administracji rządowej, od 1999 r. także jednostka samorządu terytorialnego. Podział kraju na województwa ma swoje korzenie w okresie rozbicia dzielnicowego, stąd ich zróżnicowanie pod względem wielkości w czasach Rzeczypospolitej. Pierwsze województwa powstawały na przełomie XIV i XV w. Pierwotnie były to samodzielne zgromadzenia wojskowe na określonych terenach Polski, którymi zarządzali wyznaczani przez władcę wojewodowie – od: wodzić woje. Status województwa reguluje w Polsce ustawa o samorządzie województwa z dnia 5 czerwca 1998 r. [1] Spis treści 1 Liczba województw 2 Stan aktualny – 16 województw 2.1 Podział na województwa od 1999 r. 3 Województwa w przeszłości 3.1 Pierwsze województwa w Polsce 3.2 Województwa w okresie I Rzeczypospolitej 3....
                      Read more

                      What dialect is “You wants I should do it for ya?”

                      Image
                      0 I heard this phrasing in an episode of a TV show, but I can't remember what for the life of me. I just remember how weird it sounded, because no one else talked like that in the series? It was a white character in a rural setting, if that helps. A criminal henchman. Is there an area or something where "You wants I..." is commonplace? slang dialects share | improve this question asked 12 hours ago Patroclus 21 2 2 ...
                      Read more