Skip to content

ohbergan/knife-ssh-root-pass-tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
update-root-pass.sh
update-root-pass.sh
 
 

Repository files navigation

Server Password Updater Tool

This tool allows you to update root passwords on multiple servers using Chef's knife tool. It supports search queries for selecting servers and verifies that the password was changed successfully. To use this tool, you need SSH access and sudo privileges on the target servers.

Prerequisites

Before using this tool, ensure the following commands are installed and available on your system:

  • openssl: Used for password hashing.
  • sshpass: Required for non-interactive ssh password authentication.
  • knife: Essential for interacting with Chef servers.

You can check if these are installed by running command -v <command-name> for each command (replace <command-name> with openssl, sshpass, or knife). If any of these commands are not installed, you will need to install them before proceeding.

Installation

Download the tool here.

Usage

Display Help

To display help and see all available options, run:

./update-root-pass.sh --help

Options

  • -p Specify the password in clear text. This will be used to verify that the changed password works so it is needed even if you supply a hash.
  • -h Specify the hash to use. This ensures that the hash will be the same on all hosts.
  • -o Specify an output file to save the results.
  • -l List the machines without changing passwords.
  • --hosts Specify a list of hosts separated by space.
  • --help Display this help message.

The password on the remote host will be set by sending the hashed password, not the plaintext password.

This tool will use sha-512 hashes. As far as I have been able to find out on the internet this is compatible with both RHEL/CentOS 6 which was released in 2011 as well as Debian 6 ("squeeze") released in 2014.

Examples

  • Generate a sha-512 hash, this is what the tool would generate as well: 
    $ openssl passwd -6
Password:
Verifying - Password:
$6$5q...
  • List all CentOS machines without changing passwords and save the results to a file: 
    ./update-root-pass.sh -l -o results.txt 'platform:centos'
  • Change the password on all hosts specified in the list: 
    ./update-root-pass.sh -p 'myPassword123' --hosts 'fqdn1 fqdn2'
  • Change the password on all nodes in the Chef server matching the search query: 
    ./update-root-pass.sh -p 'myPassword123' 'name:*'
  • Change the password on all nodes in the Chef server matching the search query using the specified password hash: 
    ./update-root-pass.sh -p 'myPassword123' -h '$6$saltsalt$hashedpasswordhere' 'name:*'

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages