Nice ansible playbook and supplemental Makefile for bulk change of default username on raspberry pi running on raspbian distribution. It can be easily modified for mass changing passwords on any templated virtual machines or devices.
For use just run:
make rename_pi_user i=10.0.0.1,10.0.0.2,10.0.3
Last active
February 1, 2022 13:57
-
-
Save Pristavkin/249138d7304f8298e95d1487fc011e8a to your computer and use it in GitHub Desktop.
Ansible mass rename of Pi users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rename_pi_user: | |
| @if [ "$(i)" ]; then ansible-playbook -i $(i), rename_pi_users.yml; else echo "Using: make -i=Rasspery_pi_hostnames_separeted_by_commas"; exit 1; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # On first stage we connect as pi user add our public key to root user | |
| - name: Stage one. (pi user, paramiko connection) | |
| hosts: all | |
| connection: paramiko_ssh | |
| become: yes | |
| gather_facts: no | |
| vars: | |
| # Default raspbian username | |
| ansible_user: pi | |
| # Default raspbian password | |
| ansible_ssh_pass: raspberry | |
| tasks: | |
| - name: set authorized_key for root user | |
| authorized_key: | |
| user: root | |
| state: present | |
| key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" | |
| # On second stage we connect as root user and rename user and group of pi user and set secure password. | |
| - name: Stage two (root user, native ssh connection) | |
| hosts: all | |
| connection: ssh | |
| become: no | |
| gather_facts: no | |
| vars: | |
| # Default raspbian username | |
| ansible_user: root | |
| # New user name will be set from newuser variable. Please set it below. | |
| newuser: newuser | |
| # New group name will be set from newgroup variable. Please set it below. | |
| newgroup: newuser | |
| # It's very important to change the default password because "raspberry" is quite often password and will be checked by brute force attackers. | |
| # Use mkpasswd --method=sha-512 command on any Linux computer to generate a new one. | |
| # This example uses "VerySecureNon-RaspperyPassword". | |
| newpassword: "$6$a628D0BCzi$Q1D/WYKYftzs52gq2NlaWg1DBnfQqKVVBgJ8AYHxtnctSTDOxFwR.J3ZMIxKVEL2P5QCiBArjCTzraYUEdxOA/" | |
| tasks: | |
| - name: check if pi user exist | |
| command: id -un pi | |
| register: piuser | |
| ignore_errors: yes | |
| - name: kill all running pi user processes | |
| command: pkill -u pi | |
| when: | |
| piuser.rc == 0 | |
| - name: get default group name for pi user | |
| command: id -gn pi | |
| register: pigroup | |
| when: | |
| piuser.rc == 0 | |
| - name: rename pi group | |
| command: groupmod -n '{{ newgroup }}' '{{ pigroup.stdout }}' | |
| when: | |
| (piuser.rc == 0 and pigroup.stdout != newgroup) | |
| - name: rename pi user | |
| command: usermod -l '{{ newuser }}' -d /home/'{{ newuser }}' -m pi | |
| when: | |
| piuser.rc == 0 | |
| - name: set new password | |
| user: | |
| name: '{{ newuser }}' | |
| password: '{{ newpassword }}' | |
| when: | |
| piuser.rc == 0 | |
| - name: set authorized_key for new user | |
| authorized_key: | |
| user: '{{ newuser }}' | |
| state: present | |
| key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" | |
| when: | |
| piuser.rc == 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think your raspberry don't run ssh server.
Check this guide to fix it.