Change linux password in a script, quietly

Asked 22/2, 2013 at 11:43 Answered 15/7, 2014 at 19:43

As part of trying to implement a security measure in my root ssh session, I'm trying to devise a method of starting a script after n seconds of root user login, and change the user password and logout the user automatically.

I'm getting stuck at trying to change the password silently. I have the following code:

echo -e "new\nnew" | passwd -q

This instead of changing the password "quietly" as mentioned in man pages, outputs this:

~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

which doesnt help much.

I tried to pipe stdout and stderr, however I think I have misunderstood piping.

~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q > /dev/null
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q /dev/null 2>&1
passwd: user '/dev/null' does not exist

What's the correct method to change the password via a script, quietly?

Highgrade answered 22/2, 2013 at 11:43 Comment(4)

Try echo -e "new\nnew" | passwd -q 2>&1 /dev/null – Orthodontia 22/2, 2013 at 11:45

@Blender, that gives me: "passwd: user '/dev/null' does not exist" – Highgrade 22/2, 2013 at 11:54

Is this really secure or useful? – Hawser 22/2, 2013 at 12:16

@ColonelPanic The idea is that unless the process which starts the script is terminated in n seconds, the unauthorized user is kicked out of the system, authorized_keys is deleted, and only the new password can be used to login. So it's useful. About secure..bash scripts arent very secure, are they? :) – Highgrade 22/2, 2013 at 12:20

If you want to redirect both stdout and sterr:

echo "..." | passwd &> /dev/null

which is the equivalent of

echo "..." | passwd > /dev/null 2>&1

which means "redirect stdout to /dev/null and then redirect (duplicate) stderr to stdout". This way you redirect both stdout and stderr to null ... but it might not be enough (it will be in this case I believe). But theoretically the program might write directly to terminal. For example this script

$ cat test.sh
echo stdout
echo stderr 1 1>&2
echo stderr 2 >/dev/stderr
echo stderr 3 >/dev/fd/2
echo bad luck > /dev/tty

$ ./test.sh &> /dev/null
bad luck

To get rid even of this output you must force the program to run in pseudo terminal, for example http://empty.sourceforge.net/ . But that is just a side note &> /dev/null will work fine.

Dostie answered 10/5, 2013 at 19:53 Comment(0)

You can also do it that way:

mkpasswd
# Password:blah
# BVR2Pnr3ro5B2

echo "user:BVR2Pnr3ro5B2" | chpasswd -e

so the password is already encrypted in the script.

Ledaledah answered 15/7, 2014 at 19:43 Comment(0)

This worked for me

echo "passssssword" | passwd root --stdin > /dev/null

Notice: --stdin works for root user only

Habilitate answered 22/2, 2013 at 11:46 Comment(2)

Yes, I had tried that. However passwd on my server does not recognize --stdin option, even though I'm user root. – Highgrade 22/2, 2013 at 11:53

Worked for me only without --stdin flag, just send stdin – Beachhead 12/8, 2019 at 8:54

Recommended topics

Hot tags