I developed a tool to send one-line commands to different Linux machines in one shot using JSch (a Java library used to communicate with other machines over SSH).
So our client needs to change the password on ALL machines. Google helped me reach this point:
echo -e "123\n123" | passwd username
Where '123' is the new password.
The command executes but this is ALWAYS the output:
[root@QNA-XR1 ~]# echo -e "123\n123" | passwd
Changing password for root
New password:
Retype password:
passwd: password for root is unchanged
Which indicates that the command didn't succeed.
Please note that this is a small device with Linux running on it. It's a privately compiled version to be as compact as possible. I don't know much about Linux actually!
This is the machine's info:
[root@QNA-XR1 ~]# uname -a
Linux QNA-XR1 2.6.22-XR100-v1.1.7 #1 Tue Aug 19 22:55:50 EDT 2008 ppc unknown
passwd help:
[root@QNA-XR1 ~]# passwd --help
BusyBox v1.7.3 (2008-01-09 00:06:30 EST) multi-call binary
Usage: passwd [OPTION] [name]
Change a user password. If no name is specified,
changes the password for the current user.
Options:
-a Define which algorithm shall be used for the password
(choices: des, md5)
-d Delete the password for the specified user account
-l Locks (disables) the specified user account
-u Unlocks (re-enables) the specified user account
echo help
[root@QNA-XR1 ~]# help echo
echo: echo [-neE] [arg ...]
Output the ARGs. If -n is specified, the trailing newline is
suppressed. If the -e option is given, interpretation of the
following backslash-escaped characters is turned on:
\a alert (bell)
\b backspace
\c suppress trailing newline
\E escape character
\f form feed
\n new line
\r carriage return
\t horizontal tab
\v vertical tab
\\ backslash
\num the character whose ASCII code is NUM (octal).
You can explicitly turn off the interpretation of the above characters
with the -E option.
Thanks a lot in advance for your help.
/bin/passwd may be opening /dev/tty to force reading from a terminal instead of a pipe.
You may be better off encrypting (hashing, really) your new password using crypt(), and then replacing the password hash in /etc/shadow (for systems that have it) or /etc/passwd (for systems that don't). This has the disadvantage of being somewhat OS-dependent, but it doesn't get into weird tty games.
You might also be able to force allocation of a tty in ssh - ssh can operate both with or without one. Then you would add a couple of delays before sending the password in plaintext twice - this method is less OS-dependent, but tty games can be less than fun sometimes.
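The hash-replacement approach from the answer above, as an added example that is not part of the original thread: a POSIX sh function that swaps one user's hash field in a shadow-format file, so only a precomputed crypt() hash, never the plaintext, appears in the command sent over SSH. The function name `set_shadow_hash` is hypothetical, the hash strings are constructed placeholders, and the real hash is assumed to be generated elsewhere in a format the device supports (its passwd lists des and md5).

```shell
#!/bin/sh
# Added example, not from the original thread.
# set_shadow_hash FILE USER HASH: replace field 2 (the crypt() hash) of USER's entry.
set_shadow_hash() {
    file=$1; user=$2; hash=$3
    [ -n "$user" ] && [ -n "$hash" ] || return 2
    # Reject characters that would corrupt the colon-separated, one-line-per-user format.
    case "$user$hash" in
        *:*|*'
'*) echo "set_shadow_hash: ':' or newline in user/hash" >&2; return 2 ;;
    esac
    # Require exactly one entry for the user so nothing is silently skipped or doubled.
    count=$(SH_USER="$user" awk -F: '$1 == ENVIRON["SH_USER"] { n++ } END { print n + 0 }' "$file") || return 1
    [ "$count" -eq 1 ] || { echo "set_shadow_hash: $user has $count entries" >&2; return 3; }
    tmp="$file.new.$$"
    # cp -p first so the temporary file carries the original mode and owner.
    cp -p "$file" "$tmp" || return 1
    # Values go through the environment: awk -v would interpret backslash escapes.
    SH_USER="$user" SH_HASH="$hash" awk -F: '
        BEGIN { OFS = ":" }
        $1 == ENVIRON["SH_USER"] { $2 = ENVIRON["SH_HASH"] }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # rename() within one directory is atomic: readers see the old or the new file.
    mv "$tmp" "$file"
}

# Demo on a constructed file (never a live /etc/shadow); the hashes are placeholders.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:$1$OLDSALT$oldPlaceholderHash:14000:0:99999:7:::' \
              'daemon:*:14000:0:99999:7:::' > "$demo_dir/shadow"
set_shadow_hash "$demo_dir/shadow" root '$1$NEWSALT$newPlaceholderHash'
cat "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a system without /etc/shadow the same function applies to /etc/passwd, since the hash is field 2 in both files.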