Thursday, December 27, 2012

How to Change Root Password


This document describes the process for changing the root password on all Linux servers. The process is run from srv0smx00 only.
 
Document Creator: Todd Walters
Last Modified: 04/19/2009
 
Alternate Options for Rocks or Clusters 
  • pdsh a [hostgroup] passwd -h [crypt password] does the same
  • as does 'rocks run host' passwd h [crypt password]


Requirements 
  • Only run from srv0smx00 server. 
  • The /etc/security/access.conf file has been modified on all servers to allow root from srv0smx00, and ssh keys have been set. Access is one-way: from srv0smx00 to the other servers only.
  • The set_root_pw script is used to change the root passwd 
  • The set_root_pw script is located in /home/admins/sbin 
  • The change_root_pw.sh script is run by root from /root/bin and calls the set_root_pw script 
  • The exclude-list and serverlist files are stored in /root directory. 
  • It's a requirement that all root passwords are changed quarterly (every 90 days).
  • The process requires being able to ssh from srv0smx00 to all remote servers.
  • Server List = srv0smx00:/root/serverlist 
  • Server Exclude List = srv0smx00:/root/exclude-list 
  • Must have root access to run this command.  

How to Change Root Password
  1. Log in to srv0smx00 Admin Server
  2. Switch user to root and edit serverlist if necessary 
    • [twalters@srv0smx00 ~]$ su -
      Password:
      [root@srv0smx00 ~]# vi  serverlist
  3. Create encrypted password using htpasswd command or openssl command: 
    • [root@srv0smx00 ~]# openssl passwd -crypt
      Password:
      Verifying - Password:
      Warning: truncating password to 8 characters
      ENVqi0iUJRNAo
  4. Add new encrypted password to set_root_pw script 
    • [root@srv0smx00 ~]# cd /home/admins/sbin 
    • [root@srv0smx00 sbin]# vi set_root_pw 
    • Go to this line and add date and new encrypted passwd: 
      • Comment out existing PW and add new line 
      • # Enter the encrypted password here
        # password for 2009-04-14
        ROOT_PW=ENVqi0iUJRNAo
      • Save the file and close vi 
  5. Run change_root_pw.sh Script to change root password on all hosts listed in serverlist file. 
    • [root@srv0smx00 sbin]# /root/bin/change_root_pw.sh /root/serverlist 
      ..........
      For results, please look at /tmp/change_root_pw.sh.serverlist.log
    • [root@srv0smx00 sbin]# cat /tmp/change_root_pw.sh.serverlist.log
      srv0asxd11.mydomain.com changed
      srv0asxt11.mydomain.com changed
      srv0wsxt11.mydomain.com
  6. Verify the password was changed correctly: choose a random server from the list, log in as yourself, then su - to root.
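
The following pre-flight and post-run check is an added example, not the site's set_root_pw or change_root_pw.sh. It flags a traditional DES crypt hash like the one produced in step 3 (the openssl warning shows that scheme keeps only the first 8 characters of the password) and lists targeted hosts that have no "changed" entry in the log. The file formats, the host srv0dbxp01 and the sample file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not the site's change_root_pw.sh. Assumed formats:
#   serverlist / exclude-list: one hostname per line, '#' comments allowed
#   log: one "<hostname> changed" line per host that was updated

# Classify a crypt(3) hash by prefix so a weak one is caught before rollout.
hash_scheme() {
    case "$1" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;
        '$'*)   echo other ;;
        *)  # traditional DES crypt is exactly 13 chars from [./0-9A-Za-z]
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo des
            else
                echo invalid
            fi ;;
    esac
}

# Hosts in serverlist ($1) that are not in the exclude list ($2).
target_hosts() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Fxv -f "$2" || true
}

# Targeted hosts with no "<host> changed" line in the log ($3).
unchanged_hosts() {
    target_hosts "$1" "$2" | while read -r host; do
        grep -Fxq "$host changed" "$3" || echo "$host"
    done
}

# Constructed sample files; srv0dbxp01 and the file contents are made up.
make_sample() {
    printf '%s\n' '# app servers' srv0asxd11.mydomain.com \
        srv0asxt11.mydomain.com srv0wsxt11.mydomain.com \
        srv0dbxp01.mydomain.com > "$1/serverlist"
    printf '%s\n' srv0dbxp01.mydomain.com > "$1/exclude-list"
    printf '%s\n' 'srv0asxd11.mydomain.com changed' \
        'srv0asxt11.mydomain.com changed' > "$1/log"
}

d=$(mktemp -d)
make_sample "$d"
echo "hash on the page is: $(hash_scheme ENVqi0iUJRNAo)"
echo "hosts without a 'changed' entry:"
unchanged_hosts "$d/serverlist" "$d/exclude-list" "$d/log"
rm -rf "$d"
```

OpenSSL 1.1.1 and later can produce a SHA-512 crypt hash with `openssl passwd -6`, which hash_scheme reports as sha512.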
