Nice ansible playbook and supplemental Makefile for bulk change of default username on raspberry pi running on raspbian distribution. It can be easily modified for mass changing passwords on any templated virtual machines or devices.
For use just run:
make rename_pi_user i=10.0.0.1,10.0.0.2,10.0.3
Last active
February 1, 2022 13:57
-
-
Save Pristavkin/249138d7304f8298e95d1487fc011e8a to your computer and use it in GitHub Desktop.
Ansible mass rename of Pi users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rename_pi_user: | |
| @if [ "$(i)" ]; then ansible-playbook -i $(i), rename_pi_users.yml; else echo "Using: make -i=Rasspery_pi_hostnames_separeted_by_commas"; exit 1; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # On first stage we connect as pi user add our public key to root user | |
| - name: Stage one. (pi user, paramiko connection) | |
| hosts: all | |
| connection: paramiko_ssh | |
| become: yes | |
| gather_facts: no | |
| vars: | |
| # Default raspbian username | |
| ansible_user: pi | |
| # Default raspbian password | |
| ansible_ssh_pass: raspberry | |
| tasks: | |
| - name: set authorized_key for root user | |
| authorized_key: | |
| user: root | |
| state: present | |
| key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" | |
| # On second stage we connect as root user and rename user and group of pi user and set secure password. | |
| - name: Stage two (root user, native ssh connection) | |
| hosts: all | |
| connection: ssh | |
| become: no | |
| gather_facts: no | |
| vars: | |
| # Default raspbian username | |
| ansible_user: root | |
| # New user name will be set from newuser variable. Please set it below. | |
| newuser: newuser | |
| # New group name will be set from newgroup variable. Please set it below. | |
| newgroup: newuser | |
| # It's very important to change the default password because "raspberry" is quite often password and will be checked by brute force attackers. | |
| # Use mkpasswd --method=sha-512 command on any Linux computer to generate a new one. | |
| # This example uses "VerySecureNon-RaspperyPassword". | |
| newpassword: "$6$a628D0BCzi$Q1D/WYKYftzs52gq2NlaWg1DBnfQqKVVBgJ8AYHxtnctSTDOxFwR.J3ZMIxKVEL2P5QCiBArjCTzraYUEdxOA/" | |
| tasks: | |
| - name: check if pi user exist | |
| command: id -un pi | |
| register: piuser | |
| ignore_errors: yes | |
| - name: kill all running pi user processes | |
| command: pkill -u pi | |
| when: | |
| piuser.rc == 0 | |
| - name: get default group name for pi user | |
| command: id -gn pi | |
| register: pigroup | |
| when: | |
| piuser.rc == 0 | |
| - name: rename pi group | |
| command: groupmod -n '{{ newgroup }}' '{{ pigroup.stdout }}' | |
| when: | |
| (piuser.rc == 0 and pigroup.stdout != newgroup) | |
| - name: rename pi user | |
| command: usermod -l '{{ newuser }}' -d /home/'{{ newuser }}' -m pi | |
| when: | |
| piuser.rc == 0 | |
| - name: set new password | |
| user: | |
| name: '{{ newuser }}' | |
| password: '{{ newpassword }}' | |
| when: | |
| piuser.rc == 0 | |
| - name: set authorized_key for new user | |
| authorized_key: | |
| user: '{{ newuser }}' | |
| state: present | |
| key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" | |
| when: | |
| piuser.rc == 0 |
I'm trying to use the above but i keep getting this error '''TASK [kill all running pi user processes] **************************************
fatal: [192.168.1.169]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared connection to 192.168.1.169 closed.", "unreachable": true}''' and wondered if you had any advice? The other tasks behorehand seem to run okay. This is the full playbook
# On first stage we connect as pi user add our public key to root user
- name: Stage one. (pi user, paramiko connection)
hosts: 192.168.1.169
connection: paramiko
become: yes
gather_facts: no
vars:
# Default raspbian username
ansible_user: pi
# Default raspbian password
ansible_ssh_pass: raspberry
# On second stage we connect as root user and rename user and group of pi user and set secure password.
- name: Stage two (root user, native ssh connection)
hosts: 192.168.1.169
connection: ssh
become: no
gather_facts: no
vars:
# Default raspbian username
ansible_user: pi
# New user name will be set from newuser variable. Please set it below.
newuser: matt
# New group name will be set from newgroup variable. Please set it below.
newgroup: matt
# It's very important to change the default password because "raspberry" is quite often password and will be checked by brute force attackers.
# Use mkpasswd --method=sha-512 command on any Linux computer to generate a new one.
# This example uses "VerySecureNon-RaspperyPassword".
newpassword: "Password"
tasks:
- name: check if pi user exist
command: id -un pi
register: piuser
ignore_errors: yes
- name: kill all running pi user processes
command: pkill -u pi
when:
piuser.rc == 0
- name: get default group name for pi user
command: id -gn pi
register: pigroup
when:
piuser.rc == 0
- name: rename pi group
command: groupmod -n '{{ newgroup }}' '{{ pigroup.stdout }}'
when:
(piuser.rc == 0 and pigroup.stdout != newgroup)
- name: rename pi user
command: usermod -l '{{ newuser }}' -d /home/'{{ newuser }}' -m pi
when:
piuser.rc == 0
- name: set new password
user:
name: '{{ newuser }}'
password: '{{ newpassword }}'
when:
piuser.rc == 0
- name: set authorized_key for new user
authorized_key:
user: '{{ newuser }}'
state: present
Thanks for any help
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared connection to 192.168.1.169 closed.", "unreachable": true}'''
I think your raspberry don't run ssh server.
Check this guide to fix it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for this! This is exactly what I was looking for, and has helped me start learning Ansible. 🥇