Safe ways to change passwords: multiple ways to avoid interaction
Regularly changing system passwords is basic security practice. We usually change a user's password with a command such as passwd user, but that enters interactive mode, which is inconvenient for batch use in scripts. Do you need to install a separate package such as expect just to change a password? No. There are several other ways to avoid the interaction, described in detail below:
The first type:
echo "123456" | passwd --stdin root
Advantages: Convenient and fast
Disadvantages: If the command you enter can be captured by others through history or other means, this method is very unsafe. More importantly, if the password contains both single quotes and double quotes, it cannot be changed this way.
Description:
passwd --stdin user reads the password from standard input, so a script can use something like echo NewPasswd | passwd --stdin username to change passwords in batches. However, the passwd shipped with some other distributions (such as Debian/SUSE) does not support the --stdin parameter.
The second type:
a. First write the username and password together into a temporary file.
cat chpass.txt
root:123456
zhaohang:123456
b. Use the following command to change the user password:
chpasswd < chpass.txt
c. You can use 123456 to log in to the system, and the password has been changed.
Advantages: You can change multiple user passwords quickly and easily.
Disadvantages: Writing plaintext passwords to a file is insecure, although this method avoids the first method's problem with passwords that contain special characters.
The third type:
a. Use openssl passwd -1 to generate the user's password hash and write it into the file together with the user name.
cat chpass.txt
root:$1$ri2hceVU$WIf.firUBn97JKswK9ExO0
zhaohang:$1$i/Gou7.v$Bh2K6sXmxV6/UCxJz8N7b.
b. Use the following command to change the user password:
chpasswd -e < chpass.txt
c. You can use 123456 to log in to the system, and the password has been changed.
Advantages: You can change multiple user passwords quickly and easily.
Disadvantages: Compared with the previous two, security is greatly improved.
Additional introduction:
The openssl passwd -1 command outputs a password string in the form stored in the shadow file. Replace the password field in your shadow file with the string generated by this command, and you can then log in to the system with the password you generated it from. With this command, even when the password is the same, the string generated by each execution is different. The password corresponding to that hash value is completely random and 28 bits long based on a 64-bit character encoding, so it is very difficult to crack; as long as you do not create an account using a hash value that has already been published, it is relatively safe even if the password file is published. To use the old Unix hash, remove the -1 parameter.
[root@WEB01 ~]# openssl passwd -1
Password:123456
Verifying - Password:123456
$1$ri2hceVU$WIf.firUBn97JKswK9ExO0
You can also use the following commands to generate it directly:
[root@WEB01 ~]# openssl passwd -1 123456
[root@WEB01 ~]# openssl passwd -1 -salt "yoctor" 123456
You can enter whatever you want for the salt in the command above.
Because the password ciphertext is encrypted with MD5 when the password is set, the system adds a salt to the ciphertext when forming the hash value, and the ciphertext cannot be reversed. When passwd encrypts, the salt added by the system is the time.
Startup script order on Redhat, Redflag, CentOS, and fc Linux systems:
Step 1: Start vmlinuz through /boot/vm
Step 2: init /etc/inittab
Step 3: Start the corresponding scripts and open the terminal:
rc.sysinit
rc.d (the script above)
rc.local
Step 4: Start the login interface to log in
Step 5: The order in which the sh scripts are executed when the user logs in (each is executed in full at every login):
/etc/profile.d/file
/etc/profile
/etc/bashrc
/root/.bashrc
/root/.bash_profile
Since embedded systems have no chpasswd and useradd commands, and some versions of passwd do not support the --stdin used in the first method, the following method can be used instead.
Add the following to /etc/profile so that after booting you enter the normal user civintec instead of logging in as root by default:
passwd root
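The second and third methods both feed a user:password file to chpasswd. The script below is an added example, not part of the original article: it audits such a file before use, flagging group/other-readable permissions and entries that are still plaintext (which chpasswd -e expects to be already hashed). The function names and temporary file are assumptions, and the sample entries are constructed apart from the one hash quoted from the article.

```shell
#!/bin/sh
# Added example: audit a chpasswd input file before it is applied.

# classify_field FIELD -> md5crypt | crypt-hash | plaintext
classify_field() {
    case "$1" in
        '$1$'*'$'*)        echo md5crypt ;;    # output of `openssl passwd -1`
        '$'[0-9a-z]*'$'*)  echo crypt-hash ;;  # other $id$salt$hash formats
        *)                 echo plaintext ;;   # anything else, quotes included
    esac
}

# audit_chpasswd_file FILE -> prints one finding per line; returns 1 when the
# file is readable by group/other, or an entry is malformed or plaintext.
audit_chpasswd_file() {
    file=$1 rc=0
    # ls mode string looks like -rw-------; characters 5-10 are group/other.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "perms:group-or-other-access"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case "$line" in
            ?*:?*) ;;                                # user:field present
            *) echo "malformed"; rc=1; continue ;;   # never echo the raw line
        esac
        user=${line%%:*}
        field=${line#*:}   # split at the first colon only
        class=$(classify_field "$field")
        [ "$class" = plaintext ] && rc=1
        echo "$user:$class"
    done < "$file"
    return $rc
}

# Demo on constructed data: one hash from the article, one plaintext entry.
umask 077
demo=$(mktemp)
printf '%s\n' 'root:$1$ri2hceVU$WIf.firUBn97JKswK9ExO0' 'zhaohang:123456' > "$demo"
audit_chpasswd_file "$demo" || echo "do not run: chpasswd -e < $demo"
rm -f "$demo"
```

Entries labelled md5crypt are what openssl passwd -1 produces; MD5-based crypt is a dated scheme, so where the installed OpenSSL offers -6 (SHA-512 crypt), prefer it when generating the file.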