App::Unix::RPasswd - Change passwords on UNIX and UNIX-like servers on a simple, fast (in parallel) and secure (SSH) way.
App::Unix::RPasswd is an application for changing passwords on UNIX and UNIX-like servers on a simple, fast (in parallel) and secure (SSH) way. A salt-based retrievable "random" password generator, tied to the supplied server names and date, is included. This generated passwords, unique for each server, can be generated and automatically remotely applied. Because the salt is secret and the correct date string is required, the password for an specific server can only be regenerated by authorized personnel.
Perl 5.10 or higher is required.
The program has two modes. The default mode connects to remote targets and changes the password (optional) of the specified user (mandatory) on the supplied servers (mandatory). Optional valid parameters for this mode are sessions, ssh_args, reruns, timeout and debug. The built-in salted password generator can be used to create unique 'random' passwords for each server on the fly. In this case date (optional) and base (mandatory) are valid parameters for this mode.
The "generate_only" mode is used to (re-) generate salted passwords. In this mode only date (optional), base (mandatory), sessions (optional) and one of more servers (mandatory) are valid parameters.
From a security point of view, it is strongly advised to supply '-' as the base salt or password on the command line. The program will then ask interactively for the base salt or password. This program requires a ssh-key based remote root access.
Usage: rpasswd -u <user> -p <password> <server(s)> rpasswd -g -b <base salt> -date <YYYYMMDD> <server(s)> Options: --generate_only|-g: (re-)generate the salted password. --user|-u: remote user name. --password|-p: new password for remote user. --base|-b: base salt for encryption. --date|-d: date in YYYYMMDD format*. --ssh_args|-a: settings for the ssh client*. --reruns|-r: reruns for failed targets*. --sessions|-s: simultaneous sessions*. --timeout|-t: session timeout*. --debug: prints debug output*. --help|-h: print this help screen. --version|-v: prints the version number. *: optional
This parameter enables the (re-)generation of salted passwords.
This parameter sets the remote user name that will receive a new password.
This parameter sets the new password for the remote user. When "-" is supplied as argument, the program asks interactively for the password.
This parameter sets the base salt for encryption. When "-" is supplied as argument, the program asks interactively for the base salt. The salt can be between 1 and 8 characters. Longer salts are truncated.
This optional parameters sets the date string in a YYYYMMDD format (defaults to today).
This optional parameter sets additional settings for the ssh client (man ssh). If you dont (locally) run the program as root but have root access via ssh-keys you need to use --ssh_args "-l root". Quote the argument string.
This optional parameterre sets the reruns for failed targets (defaults to 0).
This optional parameter sets the simultaneous sessions (defaults to 5).
This optional parameter sets the session timeout in seconds (defaults to 20 seconds). While OpenSSH has the ConnectTimeout (passed as --ssh_args "-OConnectTimeout=<value>") that provides a similar funcionality, its for on Solaris, SunSSH, has not. This is a generic implementation that work on both ssh families.
This parameter prints debug output.
This parameter prints this help screen.
This parameter prints the version number.
Please report any bugs or feature requests to
bug-App-Unix-RPasswd at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=App-Unix-RPasswd. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
This distribution has been tested on GNU/Linux (Debian 6.0 and Ubuntu 10.10) running OpenSSH and Solaris 10 running SunSSH.
You can find documentation for this module with the perldoc command.
You can also look for information at:
The following non-core modules were used:
Claudio Ramirez <firstname.lastname@example.org>
Copyright 2010 Claudio Ramirez. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.