Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
changing password without telneting
- Thread starter sgupte
- Start date
How about call the system admin? Hehe, just kidding. Do you mean how can you change the password without logging in to the console and without telnetting to the box?
In order to execute a command on the server, you have to have access to the server to execute the passwd command or to edit the /etc/passwd or shadow files manually. Without logging or telnetting in, there really isn't a way to tell the server to do what you want. You could of course use ftp to download and edit the passwd file and upload it back. You could write a custom cgi or script and execute it via the webserver but writing the script isn't trivial. You could also setup an e-mail alias that piped an email to a program that changed your password. E-mailing the alias'ed account would cause the password changer to run but again, writing the password changer isn't simple.
I think the answer to your question is no, there isn't a standard default way (at least that I with my limited knowledge am aware of) but there are a lot of ways to accomplish this with a little work.
Good luck,
GJ
In order to execute a command on the server, you have to have access to the server to execute the passwd command or to edit the /etc/passwd or shadow files manually. Without logging or telnetting in, there really isn't a way to tell the server to do what you want. You could of course use ftp to download and edit the passwd file and upload it back. You could write a custom cgi or script and execute it via the webserver but writing the script isn't trivial. You could also setup an e-mail alias that piped an email to a program that changed your password. E-mailing the alias'ed account would cause the password changer to run but again, writing the password changer isn't simple.
I think the answer to your question is no, there isn't a standard default way (at least that I with my limited knowledge am aware of) but there are a lot of ways to accomplish this with a little work.
Good luck,
GJ
YES!
SSH is the way to go, then if you also use sftp/scp then you can get rid of passwords for most things and use only keys, so that no passwords are on the wire plaintext.
I would suggest disabling telnet on any/all machines and moving to SSH anyway, due to telnet's insecurity.
john
SSH is the way to go, then if you also use sftp/scp then you can get rid of passwords for most things and use only keys, so that no passwords are on the wire plaintext.
I would suggest disabling telnet on any/all machines and moving to SSH anyway, due to telnet's insecurity.
john
It is possible to send and execute a script that can echo a new user into the passwdord file or a sed command to modify the file. The user must have access to an outside linux box that can generate the encryption. If shadow passwords are also used, the same script can modify the shadow file. I agree with jhoke, the best way is to disable telnet and ftp services and use ssh/scp. The only access then is through ssh. You can also set up a firewall with port forwarding to allow access with ssh. The rinetd daemon is all that is required and is a snap to set up.
- Status