OS账号默认30天密码过期,执行下面脚本刷新密码过期时间。
脚本先是从密码文件中读取用户和密码,再使用passwd命令行修改密码。然后过滤chage -l的关键信息判断密码是否修改成功。最后使用expect脚本对每个用户进行ssh登录并测试,确保用户可以正常登录。
#!/bin/bash
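# Accounts whose passwords are rotated and then login-tested.
User_name="rescue appservice hwmaintain batches secadm osreadonly monitor backup"

# Interface that carries the 10.119.x.x address. The match is made on the
# address field of the `inet` line: the former `grep '10.119.'` treated the
# dots as regex wildcards and could return several interfaces at once.
BIZ_device=$(ip a | awk '$1 == "inet" && index($2, "10.119.") == 1 { print $NF; exit }')
if [[ -z "$BIZ_device" ]]; then
  echo "ERROR: no interface with a 10.119.x.x address found" >&2
  exit 1
fi

# Address configured for that interface. It becomes part of the password-file
# name, so an empty value must stop the run before any password is touched.
BIZ_IP=$(grep -m1 '^IPADDR=' "/etc/sysconfig/network-scripts/ifcfg-${BIZ_device}" | cut -d '=' -f2)
if [[ -z "$BIZ_IP" ]]; then
  echo "ERROR: no IPADDR= entry in ifcfg-${BIZ_device}" >&2
  exit 1
fi

# Local 172.16.x.x address used as the target of the SSH login test.
# Only the first match is kept so that `ssh user@$SYN_IP` gets a single host.
SYN_IP=$(ip a | awk '$1 == "inet" && index($2, "172.16.") == 1 { sub(/\/.*/, "", $2); print $2; exit }')
if [[ -z "$SYN_IP" ]]; then
  echo "ERROR: no 172.16.x.x address found for the login test" >&2
  exit 1
fi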
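# Apply the new password for every entry in the password file.
# Line format (whitespace-separated): field 2 = account, field 4 = new password.
# The file holds cleartext passwords: keep it readable by root only (mode 0600)
# and remove it once the rotation has been verified.
pw_file="/home/batches/${HOSTNAME}-${BIZ_IP}-password.log"
if [[ ! -r "$pw_file" ]]; then
  echo "ERROR: cannot read password file ${pw_file}" >&2
  exit 1
fi

# The loop reads from a redirect instead of `cat ... |`: in a pipeline the loop
# body runs in a subshell, so `exit 1` only left the subshell and the script
# carried on to the login test after a failed password change.
# `read -r` keeps backslashes in passwords intact; the `|| [[ -n ... ]]` part
# handles a last line that has no trailing newline.
while read -r _ acct _ new_pass _ || [[ -n "$acct" ]]; do
  # Skip blank lines and lines without an account field.
  [[ -n "$acct" ]] || continue
  if [[ -z "$new_pass" ]]; then
    echo "ERROR: no password field for ${acct} in ${pw_file}" >&2
    exit 1
  fi
  # Feed the password to passwd directly on stdin. The previous version wrote
  # `echo "<password>" | passwd ...` into /tmp/test-$HOSTNAME-passwd.sh and ran
  # it with sh: the cleartext password sat in a predictable /tmp path that
  # another local user could read or pre-create, and any quote, `$` or backtick
  # in the password was interpreted as shell code.
  if ! printf '%s\n' "$new_pass" | passwd --stdin "$acct"; then
    echo "ERROR,改密失败" >&2
    exit 1
  fi
done < "$pw_file"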
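# Verify every account: first the password-change date, then an SSH login.
pw_file="/home/batches/${HOSTNAME}-${BIZ_IP}-password.log"

# Today's date in the form chage -l is expected to print ("Jan 05, 2024").
# NOTE(review): assumes the installed chage uses "%b %d, %Y" in the C locale;
# confirm on the target release. The former `date | cut -d ' ' -f 2,3` gave
# only "Jan " on single-digit days (date pads the day with a space), so the
# check then matched any change made in the current month.
chage_date=$(LC_ALL=C date '+%b %d, %Y')

# Word splitting of $User_name is intentional: it is a space-separated list.
for i in $User_name; do
  # Exact match on the account field. `grep $i` was a substring match and could
  # return the password of a different account, or several lines at once.
  passwd=$(awk -v u="$i" '$2 == u { print $4; exit }' "$pw_file")
  if [[ -z "$passwd" ]]; then
    echo "Login test is Unsuccessful for $i (no entry in password file)"
    continue
  fi

  if ! LC_ALL=C chage -l "$i" | grep 'Last password change' | grep -qF -- "$chage_date"; then
    echo "$i 密码过期时间未更新,密码可能修改失败"
  fi

  # Log in with expect and test the new password.
  # The account, host and password are handed over through the environment and
  # the here-document is quoted, so neither the shell nor Tcl re-parses them;
  # with the unquoted here-document a password containing `[`, `$`, `"` or a
  # backslash was evaluated as Tcl code inside the generated script.
  # NOTE(review): the "continue connecting" branch accepts an unverified host
  # key. SYN_IP is read from this host's own `ip a` output, so the target is
  # presumably the local machine; pre-populating known_hosts would remove the
  # need to answer the prompt at all.
  LOGIN_USER="$i" LOGIN_HOST="$SYN_IP" LOGIN_PASS="$passwd" expect <<'EOD'
log_user 0
set user $env(LOGIN_USER)
set host $env(LOGIN_HOST)
set ok 0
spawn ssh $user@$host
expect {
  -re "Are you sure you want to continue connecting*" {
    send "yes\r"
    exp_continue
  }
  "password:" {
    send -- "$env(LOGIN_PASS)\r"
    expect {
      "Last login:" {
        set ok 1
        puts "Login test is SUCCESSFUL for $user"
      }
      "Permission denied" {
        puts "Login test is Unsuccessful for $user (wrong password)"
      }
      timeout {
        puts "Login test is Unsuccessful for $user (timeout)"
      }
    }
  }
  "Permission denied" {
    puts "Login test is Unsuccessful for $user (wrong password)"
  }
  timeout {
    puts "Login test is Unsuccessful for $user (connection timeout)"
  }
}
# Leave the session only when a shell was actually reached. The prompt pattern
# uses the account under test; the earlier "$user" came from the password loop
# and was empty here, so the pattern degraded to "@*".
if {$ok} {
  expect "$user@*" {
    send "exit\r"
  }
  expect eof
}
EOD
done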