linux jsch passwd

passwd in one command isn't working


I developed a tool to send one-line commands to different Linux machines in one shot using JSch (a Java library used for communicating with other machines over SSH).

So our client needs to change the password on ALL machines. Google helped me reach this point:

echo -e "123\n123" | passwd username

Where '123' is the new password.

The command executes but this is ALWAYS the output:

[root@QNA-XR1 ~]# echo -e "123\n123" | passwd
Changing password for root
New password:
Retype password:
passwd: password for root is unchanged

Which indicates that the command didn't succeed.

Please note that this is a small device with Linux running on it. It's a privately compiled version to be as compact as possible. I don't know much about Linux actually!

This is the machine's info:

[root@QNA-XR1 ~]# uname -a
Linux QNA-XR1 2.6.22-XR100-v1.1.7 #1 Tue Aug 19 22:55:50 EDT 2008 ppc unknown

passwd help:

[root@QNA-XR1 ~]# passwd --help
BusyBox v1.7.3 (2008-01-09 00:06:30 EST) multi-call binary

Usage: passwd [OPTION] [name]

Change a user password. If no name is specified,
changes the password for the current user.

Options:
        -a      Define which algorithm shall be used for the password
                (choices: des, md5)
        -d      Delete the password for the specified user account
        -l      Locks (disables) the specified user account
        -u      Unlocks (re-enables) the specified user account

echo help

[root@QNA-XR1 ~]# help echo
echo: echo [-neE] [arg ...]
    Output the ARGs.  If -n is specified, the trailing newline is
    suppressed.  If the -e option is given, interpretation of the
    following backslash-escaped characters is turned on:
        \a      alert (bell)
        \b      backspace
        \c      suppress trailing newline
        \E      escape character
        \f      form feed
        \n      new line
        \r      carriage return
        \t      horizontal tab
        \v      vertical tab
        \\      backslash
        \num    the character whose ASCII code is NUM (octal).

    You can explicitly turn off the interpretation of the above characters
    with the -E option.

Thanks a lot in advance for your help.


Solution

  • /bin/passwd may be opening /dev/tty to force reading from a terminal instead of a pipe.

    You may be better off encrypting (hashing, really) your new password using crypt(), and then replacing the password hash in /etc/shadow (for systems that have it) or /etc/passwd (for systems that don't). This has the disadvantage of being somewhat OS-dependent, but it doesn't get into weird tty games.

    You might also be able to force allocation of a tty in ssh - ssh can operate both with or without one. Then you would add a couple of delays before sending the password in plaintext twice - this method is less OS-dependent, but tty games can be less than fun sometimes.
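The hash-replacement route from the answer above, as an added example that is not part of the original answer: a shell function that rewrites only the hash field of one account in a shadow-format file and swaps the file in atomically, so no plaintext password is sent to the device. Assumptions: the function name `set_shadow_hash` is hypothetical, the target has `awk` (a compact BusyBox build may omit it), and the hash was produced elsewhere with crypt() in a scheme the device's passwd supports.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: set_shadow_hash FILE USER HASH
#   FILE  shadow-format file (/etc/shadow, or /etc/passwd on systems without it)
#   HASH  crypt() output computed off-device; never the plaintext password
set_shadow_hash() {
    file=$1 user=$2 hash=$3

    # An empty hash would remove the password; ':' or a newline would
    # corrupt the colon-separated record. Refuse all three.
    case $hash in
        ''|*:*|*'
'*) echo "invalid hash value" >&2; return 2 ;;
    esac

    # Build the replacement beside the original so the final mv is atomic,
    # and create it owner-only so the hashes are never world-readable.
    tmp=$file.new.$$
    ( umask 077; : > "$tmp" ) || return 1

    # Values go through the environment: awk -v would interpret backslashes.
    # Only an exact match on field 1 is rewritten; exit 3 if no such user.
    if SH_USER=$user SH_HASH=$hash awk -F: -v OFS=: '
            $1 == ENVIRON["SH_USER"] { $2 = ENVIRON["SH_HASH"]; found = 1 }
            { print }
            END { exit (found ? 0 : 3) }
        ' "$file" > "$tmp"
    then
        # The new file is mode 0600 and owned by the caller; adjust afterwards
        # if the original used a different owner or mode.
        mv "$tmp" "$file"
    else
        rc=$?
        rm -f "$tmp"
        echo "no change made for user: $user" >&2
        return "$rc"
    fi
}
```

Run it against a copy of the file first and compare the result with the original before pointing it at the live file.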