#!/bin/bash
cd ~
echo $(date) start > rootpw_history
# Assume all servers are put in PROD.list
if [ -e PROD.list ]
then
USER=user
PASSWD=pass
cat PROD.list |while read HOST
do
TOKEN=$(mkpasswd -l 10 -s 0)
echo $HOST "$TOKEN" >> rootpw_history
# To avoid password exposed via ps output, this is the way to hide sensitive info.
expect <debug
log_file ~/rootpw_history
spawn ssh -l $USER $HOST
expect {
"yes/no" { send "yes\r"; exp_continue }
"*assword:" { send "$PASSWD\r" }
}
expect "*~]$"
send "sudo passwd \r"
expect "*assword*:"
send "$PASSWD\r"
expect "*UNIX password:"
send "$TOKEN\r"
expect "*new UNIX password:"
send "$TOKEN\r"
expect "*~]$"
send "exit \r"
EOF
echo $HOST done >> rootpw_history
done
else
echo No PROD.list found >> rootpw_history
fi
echo $(date) end >> rootpw_history
阅读(2341) | 评论(0) | 转发(1) |