#!/usr/bin/bash
## Copyright © 2013 Bret Human
## https://cynop.me/
##
##    Documentation at:
## https://psi.cynop.me/Caffarius/masspass
##
## For questions or comments write:
##    info@cynop.me
#
# Uses Expect to massively update root passwords.
#
# Prereq: Install freaking expect or run it from a server
#         that already has it.
#
# You need three additional files. "meh" will have the new
# root password to update to. "rmeh" will have the current
# root password in it. "serverList.txt" is a list of all
# the servers you want updated (one server per line).
#
# If you don't have an ssh key in your ~/.ssh folder this
# is going to be a loooooooooooooooooooooooooooooooooooooo
# ooooooooooooooooooooooooooooooooooooong process for you.

# Username that will login to aaaaaaaaaall the servers.
# Yours will do just fine.

ohYou="foo"


# Your shell may not be my shell. What's the last character
# that is output before you can enter a command?
# Ex:
# root@server#
# So "#" in this example is the value we're looking for.

shellPrompt=">"


# We use flat files with passwords because it can be
# secured with chmod and doesn't leave our two biggest
# passwords on every clustered server's log files.

#         v File with the new root password you want.
meh=`more meh`
chmod 400 meh


#          v File with the current root password in it.
rmeh=`more rmeh`
chmod 400 rmeh


# File containing a list of servers to hit:
list="~/serverList"


# Use expect to, errr, expect things. Then do things!
while read thisHereServer; do
   expect -c "
   spawn ssh -o StrictHostKeyChecking=no -o CheckHostIP=no $ohYou@$thisHereServer
   expect \"$shellPrompt\"
   send \"ssu\n\"
   expect \"$shellPrompt\"
   send \"passwd root\n\"
   expect \"assword:\"
   send \"$meh\n\"
   expect \"assword:\"
   send \"$meh\n\"
   expect \"$shellPrompt\"
   send \"exit\n\""
done < $list


# Cleanup
rm meh
rm rmeh