如何远程修改多台服务器密码?如何一次性批量修改多台服务器密码?利用expect批量修改Linux服务器密码
<h2 id="8e1b944f" data-lake-id="5db29fd46970eb02f7267ef724fbb111" data-wording="true">一、背景</h2><p data-lake-id="8f022a213eec80bbee0b223b902e960a" data-wording="true">修改Linux系统密码,执行<code>passwd</code>即可更改密码。可如果有成千上百台服务器呢,通过ssh的方式逐一进行修改,对我们来说,工作量是非常大,且效率非常低下。因此准备采用批量修改密码的方式来处理。</p>
<h2 id="cbb060fd" data-lake-id="d0e01bb5f63fdaa392d54210059d17a7" data-wording="true">二、环境准备</h2>
<p data-lake-id="30cab1d10e14472b45f9c24a1ad5227d" data-wording="true">需求:在Linux环境下运行,需要tcl和expect支持</p>
<p data-lake-id="7ef53ac7722a4438f4419452d19343d3" data-wording="true">检查系统是否有expect和tcl:</p>
<p data-lake-id="217c7e0bd93fb2dd4a0f3de280894f31"> <img src="https://img2020.cnblogs.com/blog/584706/202012/584706-20201211171948536-614036851.png" alt="" width="573" height="105" loading="lazy"></p>
<p data-lake-id="f5d3676adfac47d00f2ec46b44e7979c" data-wording="true">可以看到系统已经安装有这两个软件,如果没有,<code>yum -y install expect tcl</code>进行安装即可。</p>
<p data-lake-id="2e180a8bda8779acb87b009d2fd4b997" data-wording="true"><strong>「说明:本文利用expect的自动化人机交互功能,登录到远端服务器批量修改密码」</strong></p>
<p data-lake-id="2e180a8bda8779acb87b009d2fd4b997" data-wording="true"> </p>
<h2 id="fdFkG" data-lake-id="d5d2c81d7f76ceffa50ea54865550cef" data-wording="true">三、具体步骤</h2>
<h3 id="DTtXc" data-lake-id="07376494c8be99f07116a8aa1f3b6385" data-wording="true">1、编写脚本文件</h3>
<p data-lake-id="bf17f37d496d1c50473e679fe9c20e8f" data-wording="true">实现批量修改密码,需要创建三个文件:</p>
<p data-lake-id="1ad04bb378018f0b57fd37ae3ac3593f" data-wording="true"><strong>1.touch </strong><strong>/root/pwdmodify</strong><strong>/ip.ini</strong></p>
<p data-lake-id="10554b8da144e65974e3afcf45c264bc" data-wording="true">该文件用于存放目标服务器的IP地址和root密码,及新密码;新密码也可以通过mkpasswd生成</p>
<p data-lake-id="8a8f69806fda925045b08e54aeec4d01" data-wording="true">这里以1台设备为例,如果你需要修改更多服务器密码,只需要编写服务器IP及对应的root密码即可。如图所示:</p>
<p data-lake-id="8a8f69806fda925045b08e54aeec4d01" data-wording="true"><img src="https://img2020.cnblogs.com/blog/584706/202012/584706-20201211172119214-534907152.png" alt="" loading="lazy"></p>
<p> </p>
<p> </p>
<p data-lake-id="8352a55b5e1cdb9757cc9fc03834d2fe" data-wording="true"><strong>2.touch </strong><strong>/root/pwdmodify/passwd.sh</strong></p>
<p data-lake-id="651f51c9b3d57ff1eca41a2aa74ff81e" data-wording="true"><span class="lake-fontsize-12">利用for循环实现批量执行,如下:</span></p>
<div class="cnblogs_code">
<pre>#! /bin/<span style="color: rgba(0, 0, 0, 1)">bash
</span><span style="color: rgba(0, 0, 255, 1)">for</span> ip <span style="color: rgba(0, 0, 255, 1)">in</span> `<span style="color: rgba(0, 0, 255, 1)">awk</span> <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">{print $1}</span><span style="color: rgba(128, 0, 0, 1)">'</span> /root/pwdmodify/<span style="color: rgba(0, 0, 0, 1)">ip.ini`
</span><span style="color: rgba(0, 0, 255, 1)">do</span>
<span style="color: rgba(0, 0, 255, 1)">passwd</span>=`<span style="color: rgba(0, 0, 255, 1)">grep</span> $ip /root/pwdmodify/ip.ini |<span style="color: rgba(0, 0, 255, 1)">awk</span> <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">{print $2}</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">`
#
new_passwd</span>=`mkpasswd -l <span style="color: rgba(128, 0, 128, 1)">16</span> -d <span style="color: rgba(128, 0, 128, 1)">4</span> -c <span style="color: rgba(128, 0, 128, 1)">6</span> -C <span style="color: rgba(128, 0, 128, 1)">5</span><span style="color: rgba(0, 0, 0, 1)">`
expect </span>/root/pwdmodify/action.exp $ip $<span style="color: rgba(0, 0, 255, 1)">passwd</span><span style="color: rgba(0, 0, 0, 1)"> $new_passwd
</span><span style="color: rgba(0, 0, 255, 1)">done</span></pre>
</div>
<p data-lake-id="c0a73790e5d94bec44bd5665f4103df0" data-wording="true"><strong>3.touch </strong><strong>/root/pwdmodify</strong><strong>/action.exp</strong></p>
<p data-lake-id="fe54d4eab80bf41a15b19ccaa3dc664b"><strong> </strong>利用expect自动人机交互功能,设置特定的匹配形式,便于匹配相应的动作</p>
<p data-lake-id="7924345a84f3fc4e5e4a526bd2c918b5" data-wording="true">注意:第一行<code>#! /bin/expect</code>,表示使用expect解释器执行;第11行表示将密码统一修改为传递过来的密码</p>
<div class="cnblogs_code">
<pre>#! /bin/<span style="color: rgba(0, 0, 0, 1)">expect
set ipaddr
set </span><span style="color: rgba(0, 0, 255, 1)">passwd</span>
set new_passwd
set timeout </span><span style="color: rgba(128, 0, 128, 1)">30</span><span style="color: rgba(0, 0, 0, 1)">
spawn </span><span style="color: rgba(0, 0, 255, 1)">ssh</span><span style="color: rgba(0, 0, 0, 1)"> root@$ipaddr
expect {
</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">yes/no</span><span style="color: rgba(128, 0, 0, 1)">"</span> {send <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">yes\r</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">;exp_continue}
</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">password</span><span style="color: rgba(128, 0, 0, 1)">"</span> {send <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">$passwd\r</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">}
}
expect </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">#</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
send </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">echo $new_passwd |passwd --stdin root\r</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
send </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">exit\r</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
expect eof</span></pre>
</div>
<h3 id="J0wN4" data-lake-id="b3b464ec37ddab78d6e2932686d194b2" data-wording="true">2、为脚本添加可执行权限</h3>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 255, 1)">chmod</span> <span style="color: rgba(128, 0, 128, 1)">755</span> /root/pwdmodify/<span style="color: rgba(0, 0, 0, 1)">action.exp
</span><span style="color: rgba(0, 0, 255, 1)">chmod</span> <span style="color: rgba(128, 0, 128, 1)">755</span> /root/pwdmodify/<span style="color: rgba(0, 0, 255, 1)">passwd</span>.<span style="color: rgba(0, 0, 255, 1)">sh</span></pre>
</div>
<p> </p>
<h3 id="qY64O" data-lake-id="704cc0245bf285e2ef77305b1fdb6678" data-wording="true">3、至此,可以实现批量修改密码</h3>
<p><img src="https://img2020.cnblogs.com/blog/584706/202012/584706-20201211171707788-1939369325.png" alt="" width="634" height="208" loading="lazy"></p>
<p> </p>
<h2 id="EYgoI" data-lake-id="95a972dcf85328be53ecc98e62a11560" data-wording="true">脚本解释</h2>
<p data-lake-id="ec355107c619075c9904db3dbcfc0b86" data-wording="true">1)第一个脚本<code>passwd.sh</code>,应该好理解。就是利用awk命令把我们编写的<code>ip.ini</code>文本中的服务器IP及root密码分别提取出来;通过for循环,批量交给expect解释器执行。</p>
<p data-lake-id="60cad852147f349bd6c0214b6f6a19a7" data-wording="true">2)我们重点解释下<code>action.exp</code>脚本;</p>
<ol data-lake-id="0c592ae5aabfb8ff2b1799ba7de65ae4">
<li data-lake-id="7ef37b5cde574d94bb547c5b315fa10d" data-wording="true">第1行告诉操作系统,以下脚本代码使用expect解释器来执行。</li>
<li data-lake-id="5deffc21d9653d9180f5674f67355ab2" data-wording="true">第2行及第3行,第4行使用<code></code>,表示变量<code>ipaddr</code>及<code>passwd</code>接受从bash传递过来的参数,从0开始,分别表示第一个,第二个参数,第三个参数。这里表示从passwd.sh脚本中提取出来的ip 旧密码及新密码</li>
<li data-lake-id="543c35f6e048a3459b870832b4da29e5" data-wording="true">第5行设定了本脚本所有的超时时间,单位是秒(s)</li>
<li data-lake-id="977ca53beac575ec4f02d57411d837df" data-wording="true">第6行利用<code>spawn</code>命令启动ssh会话连接</li>
<li data-lake-id="f461ee0b8cb09e0273582592bf456ce9" data-wording="true">第7-9行<code>expect {}</code>代表多行期望;当匹配到<code>yes/no</code>时,自动输入yes并执行回车动作;匹配到<code>password</code>时,自动输入密码并回车。</li>
<li data-lake-id="de38b305296485a838fe2a94a9331f74" data-wording="true">第12行不用多解释了吧,登录上远程服务器后,将密码修改为$new_passwd</li>
<li data-lake-id="193be1aa6046858db499c2cab8e57a1a" data-wording="true">第13及14行表示退出expect;其中<code>expect eof</code>与<code>spawn</code>对应,表示捕获终端输出信息的终止。</li>
</ol>
<p> </p>
<p data-lake-id="9b9c476cee74f2a7ee2d1e95eb665e5a">mkpasswd命令生成随机密码,如果没有则安装</p>
<p data-lake-id="02ccbf65693469c3e3dbc857fb30c9c1">参数:</p>
<p data-lake-id="ee326442f942f62170a020cd42d998ef">-l # (密码的长度定义, 默认是 9)</p>
<p data-lake-id="e9eb28b7545e2bab9ba1c01e9bfc5654">-d # (数字个数, 默认是 2)</p>
<p data-lake-id="69beeda85b5c302032e349fe1c4336d2">-c # (小写字符个数, 默认是 2)</p>
<p data-lake-id="14f03310dedacd507329447a84172129">-C # (大写字符个数, 默认是 2)</p>
<p data-lake-id="0b07b0ad5895f88fa13e74aa2444e22d">-s # (特殊字符个数, 默认是 1)</p>
<p data-lake-id="c087435de97294a4aeb96c22a8c63524">-v (详细。。。)</p>
<p data-lake-id="b147b0d792d6bc8b77477a54da0a8a18">-p prog (程序设置密码, 默认是 passwd)</p>
<p data-lake-id="9414f1eaa9d7569ad8fe77872fe6a5c8"> </p>
<p data-lake-id="a5dcfdb463e6d6c01d672863c32e19db">示例:</p>
<div class="cnblogs_code">
<pre>#<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">.生成密码长度10,数字2个,小写3个,大写3个,特殊2个
mkpasswd</span>-l <span style="color: rgba(128, 0, 128, 1)">10</span> -d <span style="color: rgba(128, 0, 128, 1)">2</span> -c <span style="color: rgba(128, 0, 128, 1)">3</span> -C <span style="color: rgba(128, 0, 128, 1)">3</span> -s <span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">
W</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">.Ix5Kvd1 </span>
<span style="color: rgba(0, 0, 0, 1)">
#2生成随机密码同时制定长度为20
# mkpasswd -l <span style="color: rgba(128, 0, 128, 1)">20</span><span style="color: rgba(0, 0, 0, 1)">
mMgfg7bfH</span>~<span style="color: rgba(0, 0, 0, 1)">5irgacvqna
#3生成默认长度随机密码
# mkpasswd
4kaxd2$WV
#4生成指定数字位数的密码
# mkpasswd -d <span style="color: rgba(128, 0, 128, 1)">3</span><span style="color: rgba(0, 0, 0, 1)">
ob4e}1NL2
#5为用户更改随机密码,当然如果想知道生成的密码需要配合shell来操作,这种方法适用于为很多用户修改随机密码。
# <span style="color: rgba(0, 0, 255, 1)">echo</span> `mkpasswd -l <span style="color: rgba(128, 0, 128, 1)">10</span>` | <span style="color: rgba(0, 0, 255, 1)">passwd</span> --stdin root </pre>
</div>
<p> </p><br><br>
来源:https://www.cnblogs.com/joshua317/p/14121401.html
頁:
[1]