Changing Linux User Password in One Command Line

In Linux, we use passwd to change password, but passwd requires input from stdin to get the new password. It is common case that we may want to change the password non-interactively, such as creating new user accounts and change or set password for these accounts on a number of Linux boxes when the new user creating can be done by one command line. With the help of pipe and a little tricky, we can change user’s password in one command line. This will save much time especially when creating a batch of user accounts.

We use one example to introduce how to change Linux user’s password in one command line. Suppose we login as root and want to change user linuxuser‘s password to linuxpassword.

The passwd command asks for the new password twice. And these two inputs (the same password) is separated by one “Enter”. We can emulate this by the echo command with the -e option set. When -e is in effect, escaped characters will be interpreted. Hence, n in echo’s input is echoed as “new line”. In addition, on modern Linux with sufficiently new passwd, you can use the --stdin option to let passwd accept a password from the STDIN instead of asking for the new password twice.

So to change the password in our example, we just execute this one command:

# echo "linuxpassword" | passwd --stdin linuxuser

on modern Linux. (Thanks to DAVID for this tip)

or

# echo -e "linuxpassword\nlinuxpassword" | passwd linuxuser

This can also be put into one bash script or executed on remote node by the ssh command.

For example, we can change the password of linuxuser on a batch of servers (100 servers: 10.1.0.1 to 10.1.0.100) by:

# for ((i=1;i<=100;i++)); do \
ssh 10.1.0.$i 'echo -e "linuxpassword\nlinuxpassword" | passwd linuxuser'; \
done;

Even further, we can create one user and set its initial password remotely by:

# ssh remoteserver \
'useradd newuser; echo -e "passwdofuser\npasswdofuser" | passwd newuser'

If you want to update your own password as a normal user, you may use

$ echo -e "your_current_pass\nlinuxpassword\nlinuxpassword" | passwd

Security notes
You must be aware that the full command line can be viewed by all users in the Linux system and the password in the command line can be potentially leased. Only for cases where this is okay, you may consider using the method here.

Alternative method using chpasswd
chpasswd is a nice tool to change a batch of accounts’ passwords in one Linux box. It can be used to change a user’s password in one command line too. Check its manual for how to use it.

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

39 comments:

  1. I got a problem,

    when I was trying to changing the password of aaa,

    sudo echo -e "abcd1234\nabcd1234" | passwd aaa

    however, error pumps up,

    passwd: You may not view or modify password information for aaa

    I think there are some security setting with the system, which did not allow me to do so,

    how to solve this out.

    thanks a lot.

  2. Neither solution works for /bin/sh
    Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
    passwd: password unchanged

    They work only for /bin/bash
    Any solution to /bin/sh?

    Thanks in advance

    1. Did it work for you under /bin/bash? That’s interesting.

      What’s your exact command and the output?

      And which OS are you working on? I believe my OS (Fedora 22) has quite different messages printed out from yours:

      $ passwd
      Changing password for user zma.
      Changing password for zma.
      (current) UNIX password:

      Showing us `passwd –help` will also be helpful to answer your question.

      1. echo -e “changedpassword\ntestingpassword\ntestingpassword” | passwd

        I wrote it as a shell script and executed but password authentication failure.

        the same code is exucuted on a terminal and seems to be working fine

        how can i solve the problem

  3. What if I have normal user access on each remote server and I want to change all remote servers
    password which contains same username. I think it will ask for password if haven’t configure password less auth.

    In this case what command helps.

    Thanks in advance

  4. its giving token manipulation error.
    for ((i=1;i<=100;i++)); do ssh 10.1.0.$i 'echo -e "linuxpassword\nlinuxpassword" | passwd linuxuser'; done;

    firstly its giving error that only root user can specify the username as I was logging with a standard user.
    After this I tried with this one
    for ((i=1;i<=100;i++)); do ssh 10.1.0.$i 'echo -e "linuxpassword\nlinuxpassword" | passwd '; done;

    then its token manipulation error.

    thanks a lot

    1. When you update your own password, `passwd` command requires 3 input, one of your current password and twice of your new password. So the command may be:

      for ((i=1;i<=100;i++)); do ssh 10.1.0.$i 'echo -e "your_current_passnlinuxpasswordnlinuxpassword" | passwd '; done;
    1. In general, you have at least two methods to do actions to each item in a line in a text file txt:

      for i in `cat txt`; do echo $i; done
      

      Here, there should be no space in each item.

      or

      while read i; do echo $i; done <txt
      

      You can replace the `echo $i` with the actions you would like to do (calling passwd in this example).

  5. Hi,

    I tried your provided method on changing password of SUN Solaris but somehow solaris is not taking provided password parameter and post hitting enter asking password.

    please help.

    1. Unix like Solaris may have a different convention for the `passwd` command. The `–stdin` method seems not supported. I am not sure whether the 2nd method works. Sorry, I did not have a Solaris to test.

  6. When -e is in effect, escaped characters will be interpreted. Instead of “When ‘-e‘ is in effect, ‘n‘ in echo’s input is echoed as “new line”.” Just a minor tweak for clarity. Thank you for the tip. Used it in a script to set up new servers quickly!

  7. Hi,

    I also have a SOLARIS based machine. I want to find a solution to change the password with only one line because I want to change it via Java app. I tried lots of versions of echo but no success.
    Please, can someone give a solution to change the password on a SOLARIS based server? It would be much appreciated. PS: i am just a basic user, not the root.

  8. I’ve had a hard time getting this to work, I was getting this:

    echo -e “linuxpassword\nlinuxpassword” | passwd linuxuser
    Enter new UNIX password: Retype new UNIX password: Sorry, passwords do not match
    passwd: Authentication token manipulation error
    passwd: password unchanged

    Turns out that I was on sh instead of bash as it is the default shell for docker build…
    I had to tell it to use bash in the dockerfile like so:
    RUN [“/bin/bash”, “-c”, “echo -e ‘linuxpassword\nlinuxpassword’ | passwd linuxuser”]

  9. HI Eric,

    Thanks for the post. My question is I have to change root password on 100 plus servers with different passwords which should generate using mkpasswd like # mkpasswd -l 8 -d 1 -c 0 -s 1 and generated passwords along with server names should store in a file. How can we achieve this though script. Thanks in advance for your support.

    Example : This is for single server. Want it for 100 servers where my servers name is stored in servernames.txt file as
    server1
    server2
    #!/bin/bash
    usepasswd=$(mkpasswd -l 8 -d 1 -c 0 -s 1)
    echo “$usepasswd” > /root/rpwansiclient.txt
    ssh root@server1 “echo $usepasswd|passwd root –stdin”
    #

    Regards,
    Vasu

    1. You can extend your script by using a `for` loop. For example,

      #!/bin/bash
      for svr in `cat servernames.txt`; do
      usepasswd=$(mkpasswd -l 8 -d 1 -c 0 -s 1)
      echo “$svr $usepasswd” >> /root/rpwansiclient.txt
      ssh root@$svr “echo $usepasswd | passwd root –stdin”
      done

  10. Does this cause security concerns with the username and password contained all on the same command line? I thought all commands were logged somewhere.

    1. If you are running under ‘root’ in bash, the command is logged under ~/.bash_history. This file should be only accessible by root by common Linux configurations.

      During the execution of the command, there is a very short period of time the other users can see the command. Putting the password in a file and then use a command like `cat passfile | passwd –stdin username` may get rid of this.

      If the password is very sensitive, typing manually may be safer.

    1. # echo 'your$pass' | passwd --stdin user1
      Changing password for user user1.
      passwd: all authentication tokens updated successfully.

  11. Thanks very much for this!

    One thing I observed, is a password ending in an “!” messed with the command. for example:

    echo -e “Password!\nPassword!” | passwd testuser

    Fails with:

    bash: !\nPassword!”: event not found

    I don’t understand this enough to know why, but just wanted to pass it on

    1. Looks a nice tool, especially useful for batch account password changing. Thanks for sharing this.

  12. Hi Eric,

    I have One scenario.
    password for my user “abc” expired.
    I am trying to connect “abc” from “xyz” user via “ssh abc@IPADDRESS”(using passwordless Authentication ) and it asks below
    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for user abc.
    Changing password for abc.
    (current) UNIX password

    I dont want to make any changes in password policy or chage -l abc.

    Is there any way i can connect by using “ssh abc@IPADDRESS” and skip that warning
    of changing password.

    Regards,
    Manish J

  13. im using ubuntu on windows 10.how to create password ?.
    its asking for password while using sudo command

  14. to me work with this sentence:
    for ((i=1;i<=100;i++)); do ssh 10.1.0.$i 'echo "linuxpassword\nlinuxpassword" | passwd '; done;

  15. While you are creating a script I recommend using it as bellow, due to probably encoding(?) differences. For example in my case ‘new line’ – ‘\n’ doesn’t work… Using the console i must type ‘^J’, and this mean ‘new line’ in my system.

    echo -e “password //(just type enter)
    password” | sudo passed user

  16. Hi Sir,

    I am using Oracle Solaris. May I know how do I create assign default password for new user? The example above is not working for Oracle Solaris.

    Hope to hear from you.

  17. Hi Sir,

    I am using Oracle Solaris. May I know how do I create assign default password for new user? The example above is not working for Oracle Solaris.

    Hope to hear from you.

Leave a Reply

Your email address will not be published. Required fields are marked *