"Kasini3000" batch modify the password for windows node

https://gitee.com/chuanjiao10/kasini3000

win,linux devops automation batch script framework.(It is similar to ansible)

Open source, free, cross-platform

English manual: https://gitee.com/chuanjiao10/kasini3000/blob/master/docs/kasini3000_manual.xlsx

script dependencies 【c:\Users\your_name\Documents\kasini3000\nodelist.csv】 

 

Random number of batch generated passwords:

A 16 bit case plus numeric password is generated by default

 

You can control this script to limit random numbers.

c:\ProgramData\kasini3000\cs产生随机数.ps1

 

For example, there are no specific letters

 

Generate passwords in batch and write nodelist.csv:

c:\ProgramData\kasini3000\cs产生所有被控机旧密码并写入nodelist.ps1

 

After running this script, a 16 bit case plus number random number will be written in the [old password] field of nodelist.csv.Run the script again and regenerate and rewrite nodelist.csv.

For the Linux node in nodelist.csv, the random number password will also be generated,But I didn't write a script to batch modify Linux passwords.

 

From win master,remote to win node, batch password modification:

c:\ProgramData\kasini3000\zkj_s所有win被控机改密码_验证周期_改密码_验证_对调密码_写入时间戳.ps1

 

The script will only change the password of win.The script will verify after modifying the win password.

After verifying that the password change is successful, the string in the [current password] and [old password] fields will be exchanged and written into the [password change time] field.

 

Running the script again does not change the password back,Unless the parameter [- force_change_pwd] is used.

There is a default password modification cycle times limit.The value is 30 days.The variable is in [$global:被控机密码_变更周期] of [c:\Users\your_name\Documents\kasini3000\config. PS1] file.

 

Script use powershell’s foreach keyword to change each password. Load kasini3000 main script [c:\ProgramData\kasini3000\k-console.ps1] befor change password.

Parameter to write log file:

-write_Log

Log file location:

c:\Users\your_name\Documents\kasini3000\卡死你3000日志文件.txt 

Linux node, batch password modification:

No script is written. The user writes the script himself.

 

Linux node, change ssh-key-file:

Secret key: rsa-4096

kasini3000 [auto update secret key] design is that [there are and only 2 public keys] will:

1Try connecting with 2 secret keys.

2Automatically update the public key.

 

gx更新主控机ssh秘钥1.ps1

 

#Update at any time, and ssh-key-file1 will be backed up

 

gx更新主控机ssh秘钥2z.ps1

 

#Within 10 days after the update of ssh-key-file1, it is forbidden to update secret key 2, and secret key 2 will not be backed up

 

gx更新主控机上的_双公钥文件authorized_keys.ps1

 

#The Linux public key is 2-in-1 on the master computer to generate a file containing double public keys and store it in the

c:\Users\your_name\Documents\kasini3000\kasini3000\ssh_key_files_old1\ 

Push the updated secret key from the master computer to each node:

Cdip  IP

 

More secure instructions for kasini3000 secret key:

Initially, at  node [/root/. SSH/authorized_keys here is only one public key in keys.

If you want to change the secret key, use SSH copy ID, which will add a line and a public key to the above file.

SSH copy Id only ADDS the public key.

The result is:

Many private keys can be used to connect the node,

/root/.ssh/authorized_keys

There are many abandoned public keys in keys, and there may be public keys inserted by hackers according to vulnerabilities. unsafe.

Conclusion:

There are only 2 public keys in kasini3000 node.

In the node of SSH copy ID replication, there are multiple public keys!

SSH-copy-ID sacrifices security for compatibility!