Develop Reference

Linux - set new random password for user via script

I am writing a script in bash. part of it is to set a new random password for a user.
For now, I am generating random passwords with pwgen tool.
It looks like
pwgen -s 13 10 | head -1 > pasChange.txt
cat pasChange.txt: NOy3a8S53Jged
How can I set a random password as the user password? If you do have a different method I will be glad to hear.
Thanks!

I found an easy solution for anyone who's interesting.
sudo apt-get install pwgen ## Install pgwen
pwgen -s 13 10 |head -1 > change_pas.txt ## Insert random string into txt file
yes `cat change_pas.txt` | sudo passwd pi ## Change the password to the string in
the txt file

I want to modify this bash script to not ask for password for each file

I want to modify this bash script to not ask for password for each file but look for password in the following file /home/user/Documents/pass.txt
I got this nice script on GIT hub and it works but it prompts me for passphrase for each file I want to encrypt, I would like to modify the script to seek password from a text file in /home/user/Documents/pass.txt and read the password in the pass.txt file and encrypt all files in the directory using siad password
Please Help I have been doing this manually for the past 2 weeks
#!/bin/bash
# This uses gpg to encrypt every file in a directory as separate
# encrypted files
# Usage
# ./encrypt-all.sh ./dir-of-files-to-encrypt "PASSPHRASE"
FILES="$1"
PASSPHRASE="$2"
pushd $FILES
for file_name in ./*; do
enc_name="$file_name.gpg"
echo "Encrypting $file_name"
gpg \
--passphrase "$PASSPHRASE" \
--batch \
--output "$file_name.gpg" \
--symmetric \
--cipher-algo AES256 \
"$file_name"
echo "Done! Output: $gpg_name"
done
popd

Use --passphrase-file instead of --passphrase, to indicate the name of the file whose first line is the passphrase to use.

Shell script to remove files from multiple host

I have a script, which ssh’s into a list of host’s and deletes files. The problem that I am facing is that when the deletion happens the console asks’s for password.
To get around that I know use the below code which hardcodes the password
time cat ../hosts.txt | xargs -P 16 -I foo ssh foo ' echo "MYPASSWORD" | sudo -kS rm -rf /tmp/randomfile*'
Is there any way to avoid hardcoding the password?

You could set up a ssh-agent.
I would suggest using a ssh-key, you could check this article describing how to create it and add it to your ssh-agent:
https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/

Change Password every week for root user script

I got request to change root Password for every 10 days in all Linux based machines and these are production machines and Enabled with grub password so in case we forgot/missed password both root/grub password we cannot recover.
I have wrote a simple script which redirect password to file that is nfs shared file. So it writes password to nfs shared file for every week.
Below is the file format
Machine1:
Machine2:
Machine3:
we will execute script like
sh autopass.sh Machine1
so it change root Password for the Machine1 and replace Machine1 old Password with new Password in nfs share file. So we will send password to authorized users every week
Below is script
#!/bin/sh
#Function to create Random Password
function randpass() {
[ "$2" == "13" ] && CHAR="[:alnum:]" || CHAR="[:graph:]"
cat /dev/urandom | tr -cd "$CHAR" | head -c 8
echo
}
#Get Random Password to rootnewpass variable
rootnewpass=`randpass`
#Replace new password in file rootpass
sed -i "s/^\(${1}:\).*/\1${rootnewpass}/" /nfs/rootpass
#Change new Password using new random generated keyword
echo -e "root:$rootnewpass" | chpasswd
So Now I wanted here is my approach is good or any other way is better to implement this. Here concern is at any chance i should not misplace the password meaning should not redirect wrong password to file.
Same concept I am using for grub password as well.
Note: All machines should not have same root password and hence i have opted this option.
Please advice

You can change the password of the root user on a batch of servers (100 servers: 10.1.0.1 to 10.1.0.100) by:
# for ((i=1;i<=100;i++)); do \
ssh 10.1.0.$i 'echo -e "newpassword\nnewpassword" | passwd --stdin root'; \
done;
Make it a cron job and this should work.

gpg decryption giving error in LINUX "can't query passphrase in batch mode"

Hi im using gpg to decrypt a file in linux, im using
shell_exec("gpg --batch --passphrase-file $passphrase_file -d $encrypted_file");
to decrypt the file, but im getting the following errors.
gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode

This error makes it appear that the commaand doesnt like to be run using shell_exec (similar to how sudo/ssh warns about needing a tyy when run with shell_exec)::
gpg: gpg-agent is not available in this session
What happens if u run it directly from the shell prompt?
Also, make sure your not in safe mode:
shell_exec() (functional equivalent of backticks)
This function is disabled when PHP is running in safe mode.
Check with phpinfo()
check that the function is not disabled:
$ grep 'disable_functions' /etc/php.ini
Edit:
Also, try using putenv to point GNUPGHOME to your .gnupg folder.
It could be that the php script is being run as the httpd user and the gpg is expecting the 'user' user for your site.

I ran into a similar problem calling gpg from cron.
The command works fine when run from the command line or from a shell script. Running the command from cron fails with the same errors you're getting.
Two resources I found were a good gpg cheetsheet
And this answer on serverfault
I was able to get it to work after generating a gpg key.
gpg --gen-key
And then encrypt with:
gpg -e -r name#domain.tld backup_file.tgz

In order to decrypt gpg encrypted files using relevant passphrase file and running it through an applicative context, use the following formula:
gpg --no-tty --no-use-agent --yes --passphrase-file <pass-phrase-file>
--output <decrypted-file-path> --decrypt <encrypted-file-path>
example:
$ cd /home/app/gpg_example
$ ls -la
-rwxr-xr-x 3 user root 1000 Jan 1 00:00 secret_passphrase.txt
-rwxr-xr-x 3 user root 7000 Jan 1 00:00 encrypted-file.tar.gpg
$ gpg --no-tty --no-use-agent --yes --passphrase-file secret_passphrase.txt
--output decrypted-file.tar --decrypt encrypted-file.tar.gpg
$ ls -la
-rwxr-xr-x 3 user root 1000 Jan 1 00:00 secret_passphrase.txt
-rwxr-xr-x 3 user root 7000 Jan 1 00:00 encrypted-file.tar.gpg
-rwxr-xr-x 3 user root 6970 Jan 1 00:00 decrypted-file.tar # <= that's decrypted file.