'Re: Changing password on multiple zLinux servers'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-390
Subject:    Re: Changing password on multiple zLinux servers
From:       Saulo Silva <maillist_saulo () yahoo ! com>
Date:       2007-10-30 13:29:21
Message-ID: 650128.44827.qm () web44904 ! mail ! sp1 ! yahoo ! com
[Download RAW message or body]

Hi all , 

Just to complete Robert's script there is a few procedures that I complement . 

Use ssh exchange key with root ID or another user that could sudo to root and create \
the same user in all server ( maybe because that root is better ) . The first time \
you should to put the password in all server but after that the work will be easiest \
. 

TIP : A good link to explain how to do that -> http://www.oreilly.com/pub/h/66

After that  create a list of the server  and change the script  to something like \
this  : 

for SERVER in $(cat list_of_servers) ; do 
   ssh root@${SERVER}  '${1}'
   if [ $? -eq 0 ] ; then 
     echo  "Command $1 in $SERVER execute OK"
   else 
      echo  " Error in $SERVER execution "
  fi 
done 

in that way you can use this script to the most of the commands that you need to run \
in more than one server . 

You can use cp send in a rexx script too . 

Best Regards, 

Saulo Augusto Silva 
IBM zLinux Support 
 


RPN01 <Nix.Robert@mayo.edu> wrote: To expand James' answer a bit (I've never used the \
chpasswd command):

for I in system1 system2 system3 ; do
  ssh root@$I 'echo "user:newpass" | chpasswd'
done

The list of systems could be given by hand, as above, or could be pulled
from a file, as in "for I in `cat system.names` ; do" (not sure what the
various e-mail programs will do with that, but those are back-ticks around
the cat command.

You can speed this process up by trading a public key with all the servers
involved, such that you wouldn't need to enter a password for each server.
With that in mind, it would be a better idea to use another, properly
privledged userid, other than root, to perform the task. Maybe go with "ssh
pswdguy@$I 'echo "user:newpass" | sudo chpasswd'", and pass around a public
key for "pswdguy".

--
   .~.    Robert P. Nix             Mayo Foundation
   /V\    RO-OE-5-55                200 First Street SW
  /( )\   507-284-0844              Rochester, MN 55905
  ^^-^^   -----
        "In theory, theory and practice are the same, but
         in practice, theory and practice are different."




On 10/26/07 8:45 AM, "Richard Lynch"  wrote:

> CHAPLIN, JAMES (CTR) wrote:
> > Running zLinux as Guests on zVM is fantastic until it comes time to
> > reset your password across multiple servers. The guest servers are
> > multiply like rabbits. We are a shop new to Linux on the mainframe and
> > have a question.
> > 
> > Is there a way to apply without using LDAP, or to issue a series of
> > commands like passwd across multiple servers either through SSH or other
> > method from a single server. Where should I point my "learning curve" to
> > resolve this? I am new to scripting, but how different from REXX can it
> > be?
> > 
> > Thanks in advance for any comments and insight
> > James Chaplin
> > Systems Programmer
> > USCBP
> > 
> > ----------------------------------------------------------------------
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to LISTSERV@VM.MARIST.EDU with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > 
> > 
> LDAP is clearly the perferred solution for this situation.  However, if
> you don't want to do that see chpasswd.  Somthing like...
> 
> echo 'user:newpass' | chpasswd
> 
> ... could be pushed out to the other servers using ssh.
> 
> ~rich
> 
> 
> 
> 
> --
> 
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to LISTSERV@VM.MARIST.EDU with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to LISTSERV@VM.MARIST.EDU with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390


 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to LISTSERV@VM.MARIST.EDU with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic