"Kasini3000" batch modify the password for windows node
https://gitee.com/chuanjiao10/kasini3000
win,linux devops automation batch script framework.(It is similar to ansible)
Open source, free, cross-platform
English manual: https://gitee.com/chuanjiao10/kasini3000/blob/master/docs/kasini3000_manual.xlsx
script dependencies 【c:\Users\your_name\Documents\kasini3000\nodelist.csv】
Random number of batch generated passwords:
A 16 bit case plus numeric password is generated by default
You can control this script to limit random numbers.
c:\ProgramData\kasini3000\cs产生随机数.ps1
For example, there are no specific letters
Generate passwords in batch and write nodelist.csv:
c:\ProgramData\kasini3000\cs产生所有被控机旧密码并写入nodelist.ps1
After running this script, a 16 bit case plus number random number will be written in the [old password] field of nodelist.csv.Run the script again and regenerate and rewrite nodelist.csv.
For the Linux node in nodelist.csv, the random number password will also be generated,But I didn't write a script to batch modify Linux passwords.
From win master,remote to win node, batch password modification:
c:\ProgramData\kasini3000\zkj_s所有win被控机改密码_验证周期_改密码_验证_对调密码_写入时间戳.ps1
The script will only change the password of win.The script will verify after modifying the win password.
After verifying that the password change is successful, the string in the [current password] and [old password] fields will be exchanged and written into the [password change time] field.
Running the script again does not change the password back,Unless the parameter [- force_change_pwd] is used.
There is a default password modification cycle times limit.The value is 30 days.The variable is in [$global:被控机密码_变更周期] of [c:\Users\your_name\Documents\kasini3000\config. PS1] file.
Script use powershell’s foreach keyword to change each password. Load kasini3000 main script [c:\ProgramData\kasini3000\k-console.ps1] befor change password.
Parameter to write log file:
-write_Log
Log file location:
c:\Users\your_name\Documents\kasini3000\卡死你3000日志文件.txt
Linux node, batch password modification:
No script is written. The user writes the script himself.
Linux node, change ssh-key-file:
Secret key: rsa-4096
kasini3000 [auto update secret key] design is that [there are and only 2 public keys] will:
1Try connecting with 2 secret keys.
2Automatically update the public key.
gx更新主控机ssh秘钥1.ps1
#Update at any time, and ssh-key-file1 will be backed up
gx更新主控机ssh秘钥2z.ps1
#Within 10 days after the update of ssh-key-file1, it is forbidden to update secret key 2, and secret key 2 will not be backed up
gx更新主控机上的_双公钥文件authorized_keys.ps1
#The Linux public key is 2-in-1 on the master computer to generate a file containing double public keys and store it in the
c:\Users\your_name\Documents\kasini3000\kasini3000\ssh_key_files_old1\
Push the updated secret key from the master computer to each node:
Cdip IP
More secure instructions for kasini3000 secret key:
Initially, at node [/root/. SSH/authorized_keys here is only one public key in keys.
If you want to change the secret key, use SSH copy ID, which will add a line and a public key to the above file.
SSH copy Id only ADDS the public key.
The result is:
Many private keys can be used to connect the node,
/root/.ssh/authorized_keys
There are many abandoned public keys in keys, and there may be public keys inserted by hackers according to vulnerabilities. unsafe.
Conclusion:
There are only 2 public keys in kasini3000 node.
In the node of SSH copy ID replication, there are multiple public keys!
SSH-copy-ID sacrifices security for compatibility!
posted on 2021-12-14 23:49 PowerShell免费软件 阅读(69) 评论(0) 编辑 收藏 举报