Checking Linux Account Password

Submitted on October 8, 2020 – 1:46 pm

On occasion you may need to check if an account has a specific password. For example, when you build VMs, you may use some default passwords for some default accounts (e.g. root) that should be changed later by your password management application.

Except that the password management application in question is about as reliable as a Nigerian bank. In the example below we are checking if the root account is using the default password that should’ve been changed, but, for some reason, wasn’t.

Note: this process requires the sshpass utility that can be installed with yum -y install sshpass or apt-get install sshpass. You also need to have openssl installed, but you probably already have it.

# Enter the known password
read -s p

# Set the username
u=root

if [ -x /usr/bin/sshpass ]
then
  if [ $(/usr/bin/sshpass -p "${p}" /usr/bin/openssl passwd -$(/bin/grep -m1 "^${u}:" /etc/shadow | \
  awk -F':' '{print $2}' | awk -F'$' '{print $2}') \
  -salt $(/bin/grep -m1 "^${u}:" /etc/shadow | \
  awk -F':' '{print $2}' | awk -F'$' '{print $3}') | \
  /bin/grep -wc "$(/bin/grep -m1 "^${u}:" /etc/shadow | \
  awk -F':' '{print $2}')") -gt 0 ]
  then
    echo "$(date +'%Y-%m-%d %H:%M:%S'),$(hostname | awk -F'.' '{print $1}'),change ${u} password"
  fi
fi

Sample run:

root@DESKTOP-GKM9P85:~/twurl/bin# u=igor
root@DESKTOP-GKM9P85:~/twurl/bin# read -s p
root@DESKTOP-GKM9P85:~/twurl/bin# if [ -x /usr/bin/sshpass ]
> then
>   if [ $(/usr/bin/sshpass -p "${p}" /usr/bin/openssl passwd -$(/bin/grep -m1 "^${u}:" /etc/shadow | \
>   awk -F':' '{print $2}' | awk -F'$' '{print $2}') \
>   -salt $(/bin/grep -m1 "^${u}:" /etc/shadow | \
>   awk -F':' '{print $2}' | awk -F'$' '{print $3}') | \
>   /bin/grep -wc "$(/bin/grep -m1 "^${u}:" /etc/shadow | \
>   awk -F':' '{print $2}')") -gt 0 ]
>   then
>     echo "$(date +'%Y-%m-%d %H:%M:%S'),$(hostname | awk -F'.' '{print $1}'),change ${u} password"
>   fi
> fi
2020-03-25 16:18:22,DESKTOP-GKM9P85,change igor password
root@DESKTOP-GKM9P85:~/twurl/bin#
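
The same check as an added example (not the author's script): it reads the shadow entry once, feeds the candidate password to openssl passwd on stdin instead of through sshpass -p, and reports entries that openssl passwd cannot recompute, such as locked accounts, yescrypt ($y$) hashes or a rounds= parameter. The function names, return codes and the generated sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example; function names and return codes are assumptions, not from the post.

# Print the password field (2nd colon-separated field) for USER in FILE.
shadow_field() {
  awk -F: -v u="$1" '$1 == u { print $2; exit }' "$2"
}

# check_default USER FILE   (candidate password is read from stdin)
# returns 0 = candidate matches, 1 = no match,
#         2 = no usable hash (unknown user, empty field, locked with ! or *),
#         3 = hash format that "openssl passwd" cannot recompute.
check_default() {
  field=$(shadow_field "$1" "$2")
  case "$field" in
    ''|'!'*|'*'*) return 2 ;;
    '$1$'*|'$5$'*|'$6$'*) ;;                   # MD5, SHA-256, SHA-512 crypt
    *) return 3 ;;                             # e.g. yescrypt ($y$)
  esac
  id=$(printf '%s\n' "$field" | awk -F'$' '{print $2}')
  salt=$(printf '%s\n' "$field" | awk -F'$' '{print $3}')
  case "$salt" in rounds=*) return 3 ;; esac   # third field is not the salt here
  # -stdin keeps the candidate out of argv; sshpass -p passes it as an argument.
  calc=$(openssl passwd "-$id" -salt "$salt" -stdin) || return 3
  [ "$calc" = "$field" ]
}

# Constructed sample data: a shadow-format file generated on the fly, not real accounts.
make_sample() {
  f=$(mktemp) || return 1
  h=$(printf '%s\n' 'Default123' | openssl passwd -6 -salt constructedsalt -stdin) || return 1
  printf '%s\n' "root:$h:18543:0:99999:7:::" 'svc:!:18543::::::' \
    'igor:$y$j9T$constructed$constructed:18543:0:99999:7:::' > "$f"
  echo "$f"
}

# Demo: flag the constructed root account, which still has the default password.
if command -v openssl >/dev/null 2>&1 && sample=$(make_sample); then
  for u in root svc igor; do
    rc=0
    printf '%s\n' 'Default123' | check_default "$u" "$sample" || rc=$?
    case $rc in
      0) echo "$(date +'%Y-%m-%d %H:%M:%S'),$(hostname | awk -F. '{print $1}'),change $u password" ;;
      3) echo "$u: hash format not supported by openssl passwd" ;;
    esac
  done
  rm -f "$sample"
fi
```

On a real host, run check_default as root with /etc/shadow as the file argument and pipe in the value captured with read -s p.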

Here’s an example of how to run this command via Salt cmd.run on multiple systems. It’s just a matter of escaping the right $ and ":

# Enter the known password
read -s p

# Set the username
u=root

salt "prod*" cmd.run "if [ -x /usr/bin/sshpass ]; then if [ \$(/usr/bin/sshpass -p \"${p}\" /usr/bin/openssl passwd -\$(/bin/grep -m1 \"^${u}:\" /etc/shadow | awk -F':' '{print \$2}' | awk -F'\$' '{print \$2}') -salt \$(/bin/grep -m1 \"^${u}:\" /etc/shadow | awk -F':' '{print \$2}' | awk -F'\$' '{print \$3}') | /bin/grep -wc \"\$(/bin/grep -m1 \"^${u}:\" /etc/shadow | awk -F':' '{print \$2}')\") -gt 0 ]; then echo \"\$(date +'%Y-%m-%d %H:%M:%S'),\$(hostname | awk -F'.' '{print \$1}'),change ${u} password\"; fi; fi 2>/dev/null" 2>/dev/null
