Reset Linux Password with SaltStack



  • With Salt, it is simple to set the password of a local user, that is, one managed through /etc/passwd and /etc/shadow. Two steps are needed, however, because of the salt on the server. So if you are doing this for a group of servers, you need to generate the proper hash for each machine. You cannot apply the same password hash to all machines.

    First, find the saltname of your instance. I like to use UUIDs for them to avoid collisions, so my saltnames are pretty crazy, but very unique.

    # salt '7d7e67cx-e572-44f2-935c-2eeadb2692e3' shadow.gen_password mypassword
    7d7e67cx-e572-44f2-935c-2eeadb2692e3:
        $6$4dztz9zb$HgYJhr3S1hgmLD.klJNzHtAwlI/oz9CFNQ9S3XFdIB/Mk1SUavGX9ArpFTDuW8WhLkEVzIEo.xhGmFXyv5Nan.
    

    The last line there is the unique hash for that one box for 'mypassword'. Now that we know what it should be, we just need to apply it.

    # salt '7d7e67cx-e572-44f2-935c-2eeadb2692e3' shadow.set_password username '$6$4dztz9zb$HgYJhr3S1hgmLD.klJNzHtAwlI/oz9CFNQ9S3XFdIB/Mk1SUavGX9ArpFTDuW8WhLkEVzIEo.xhGmFXyv5Nan.'
    7d7e67cx-e572-44f2-935c-2eeadb2692e3:
        True
    

    That's it. Your password is set to whatever you chose.
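
The hash is full of `$` characters, which is why the command above wraps it in single quotes. As an added example (not part of the original post), this script checks that a string is a well-formed SHA-512 crypt hash before handing it to `shadow.set_password`; the function names and the `SALT_CMD` override are assumptions made for the example, and the hash is the one shown above.

```shell
#!/bin/sh
# Added example: validate a SHA-512 crypt(3) string before applying it.
# Layout: $6$[rounds=N$]<salt, 1-16 chars>$<digest, 86 chars>
# Salt and digest both use the alphabet ./0-9A-Za-z
SHA512_CRYPT_RE='^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'

# Succeeds only if $1 is a complete, well-formed $6$ hash.
is_sha512_crypt() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq "$SHA512_CRYPT_RE"
}

# Print the salt field embedded in the hash string.
crypt_salt() {
    is_sha512_crypt "$1" || return 1
    rest=${1#\$6\$}                                   # drop the "$6$" prefix
    case $rest in rounds=*) rest=${rest#*\$} ;; esac  # drop optional rounds field
    printf '%s\n' "${rest%%\$*}"                      # keep text up to the next "$"
}

# usage: checked_set_password <minion-id> <user> <hash>
# SALT_CMD is a hypothetical override so the call can be dry-run with echo.
checked_set_password() {
    if ! is_sha512_crypt "$3"; then
        echo "refusing: not a well-formed \$6\$ hash (check quoting)" >&2
        return 1
    fi
    ${SALT_CMD:-salt} "$1" shadow.set_password "$2" "$3"
}

# The hash from the post, single-quoted so the shell leaves it alone.
PAGE_HASH='$6$4dztz9zb$HgYJhr3S1hgmLD.klJNzHtAwlI/oz9CFNQ9S3XFdIB/Mk1SUavGX9ArpFTDuW8WhLkEVzIEo.xhGmFXyv5Nan.'

# Constructed: what a shell with no positional parameters produces when the
# same hash is double-quoted ($6, $4 and $HgYJhr3S1hgmLD expand to nothing).
MANGLED_HASH='dztz9zb.klJNzHtAwlI/oz9CFNQ9S3XFdIB/Mk1SUavGX9ArpFTDuW8WhLkEVzIEo.xhGmFXyv5Nan.'
```

Running `SALT_CMD=echo checked_set_password <minion-id> username "$PAGE_HASH"` prints the command that would be sent instead of executing it.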