cron for changing root passwords on servers periodically
How to set up a periodic root password reset cronjob on servers?
Overview: This article provides instructions for periodically resetting/rotate root passwords on servers, enabling automated password changes, and manually resetting passwords via the web GUI and shell.
Password rotation in SSH is an important security practice that helps mitigate the risk of unauthorized access due to compromised credentials. Here’s how to implement password rotation for SSH.
1. How to enable automated password change for all servers?
Step 1(A): In order to automatically reset the password on all servers, navigate to Settings - > Security - > Enable Automated Password Change.
2. How to view the updated password of the server from Ezeelogin GUI and shell (ezsh)?
Step 2(A): Login to Ezeelogin GUI, navigate to Servers -> + icon to view the server details.
Step 2(B): Login to Ezeelogin backend (ezsh), navigate to any server using the up and down arrow keys and lick on the tab key to view server details.
Make sure to keep the password management option to "Automatic" for password reset to work.
3.How to Set Up Periodic Password Resets/Password rotation
To set up a periodic password reset using cron jobs, you can schedule the script to run daily, weekly, or monthly based on your requirements. Here’s how to add those cron jobs to your server.
Below are examples of how to set up the cron job for daily, weekly, and monthly resets. Add the following lines to your crontab:
Daily Reset (at 1 AM every day):
0 1 * * * php /usr/local/ezlogin/mass_passwd_reset.php
Weekly Reset (at 1 AM every Sunday):
0 1 * * 0 php /usr/local/ezlogin/mass_passwd_reset.php
Monthly Reset (at 1 AM on the 1st of every month):
0 1 1 * * php /usr/local/ezlogin/mass_passwd_reset.php
Verify Cron Jobs: You can list your cron jobs to verify that they were added correctly:
root@gateway:~# crontab -l
This way, you can ensure periodic root password resets by enabling automated changes in Ezeelogin, verifying through the GUI or shell, and configuring the cronjob with the specified entry for seamless automation.
4. How to reset the password on selected servers?
Step 3(A): Login to Ezeelogin GUI, select the server -> click on the arrow button on the top-right corner -> Reset password on selected servers.
3. How to reset passwords on all servers?
Step 3(A): Keep the password management "Automatic" on all servers for reset password to work.
Step 3(B): Click on Reset password on all servers to reset passwords on all servers.
Related Articles:
Password management and the different options
How do I change the password management option for all remote servers?
Credential History in Ezeelogin
How to view the remote server password from the ezeelogin jump server?