Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Change webGUI password in a 1-line command for scripting?

    General pfSense Questions
    5
    14
    10864
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dylanh724 last edited by

      ^ Subject: How to?

      I am able to change root/admin in 1 line fine, but for webgui…. can't seem to figure this one out. It should be way easier to change than the root password, but can't find the way ;)

      Cheers~

      (Related = http://www.reddit.com/r/PFSENSE/comments/2risdw/how_to_change_webgui_password_in_a_1line_command/)

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Changing the password for the GUI admin user resets root also in the shell. Never try to manage the passwords directly in the command line using the OS tools like pw, passwd, etc.

        On pfSense 2.2, you can use:

        pfSsh.php playback changepassword admin
        

        It will prompt for a new password and confirm it.

        1 Reply Last reply Reply Quote 0
        • D
          dylanh724 last edited by

          I never updated this topic – this was resolved by using a single line of code for SSH logins:

          Sudo required with a new account rather than root (root dumps you in PFS shell, which sucks for SSH)

          For SSH password change (NOT webgui pword -- that's below later), you can use this:

          echo "password" | sudo pw usermod your_user -h 0
          
          

          (Make sure to login via a new SSH account that gets dumped into regular shell instead of the EXTREMELY restrictive PFS shell sorry, but it is)

          As for webGUI pword, need KiTTY, which uses sort of an 'expect' style of scripting, so you can queue up commands with a delay (in combination with the above command – thanks bud):

          http://www.9bis.net/kitty/

          (Without KiTTY, it can't be done by normal SSH means since the cmd triggers a different, custom shell)

          It won't let me modify the subject to SOLVED, maybe because topic is too old? If a mod wants to, that'd be great – probably useful for others.

          For webGUI, use this kitty code and adjust to your own needs (this is for a new SSH account with sudo so that it logs into a shell instead of PFS shell -- you can use PFS shell with kitty, if you'd like, but need different code):

          (This changes webgui login from admin pw to admin2)

          kitty -ssh 192.168.0.1 -l adminssh -pw admin -cmd "sudo pfSsh.php playback changepassword\nadminssh\nadmin2\nadmin2\n\exit"
          
          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            @dylanh724:

            I never updated this topic – this was resolved by using a single line of code for SSH logins:

            echo "password" | sudo pw usermod your_user -h 0
            
            

            Dude, which part of the "Never try to manage the passwords directly in the command line using the OS tools like pw, passwd, etc." advise from the pfSense developer you did not get? Plus why are you suggesting such crap when there's even a CLI way to do the same thing properly (as again hinted above)?

            1 Reply Last reply Reply Quote 0
            • D
              dylanh724 last edited by

              @doktornotor:

              @dylanh724:

              I never updated this topic – this was resolved by using a single line of code for SSH logins:

              echo "password" | sudo pw usermod your_user -h 0
              
              

              Dude, which part of the "Never try to manage the passwords directly in the command line using the OS tools like pw, passwd, etc." advise from the pfSense developer you did not get? Plus why are you suggesting such crap when there's even a CLI way to do the same thing properly (as again hinted above)?

              Know of another way? I don't. People use PFS for different things. I'd like a 1-click change password button that vanilla PFS doesn't offer. The CLI is 100% not script-friendly or I wouldn't have to use kitty.

              PFSense is a badass firewall, so the average user is trying to tighten security – but some people (like me) don't even use it for most of it's capabilities. I mostly use it for a custom captive portal that's very local

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                @dylanh724:

                Know of another way? I don't.

                Then stop suggesting people to use 300% wrong ways to do things, especially when being told so by the developers. The above is completely broken since it will not update the password stored in config.xml.

                1 Reply Last reply Reply Quote 0
                • H
                  heper last edited by

                  @jimp:

                  Changing the password for the GUI admin user resets root also in the shell. Never try to manage the passwords directly in the command line using the OS tools like pw, passwd, etc.

                  On pfSense 2.2, you can use:

                  pfSsh.php playback changepassword admin
                  

                  It will prompt for a new password and confirm it.

                  thats the other way ?

                  1 Reply Last reply Reply Quote 0
                  • D
                    dylanh724 last edited by

                    @doktornotor:

                    @dylanh724:

                    Know of another way? I don't.

                    Then stop suggesting people to use 300% wrong ways to do things, especially when being told so by the developers. The above is completely broken since it will not update the password stored in config.xml.

                    Hmm? I did no such thing! I specifically said "THIS only saves SSH new password", and then I said use kitty to use the EXACT cgi script that saves in the xml file. At least read my guide before insulting it -__-

                    For SSH password change (NOT webgui pword – that's below later),

                    (then the XML one below)

                    (This changes webgui login from admin pw to admin2)

                    Code: [Select]
                    kitty -ssh 192.168.0.1 -l adminssh -pw admin -cmd "sudo pfSsh.php playback changepassword\nadminssh\nadmin2\nadmin2\n\exit"

                    To be more specific, look here:

                    sudo pfSsh.php playback changepassword

                    KiTTY is 100% exactly the same as the above, just automated

                    1 Reply Last reply Reply Quote 0
                    • D
                      doktornotor Banned last edited by

                      @dylanh724:

                      Hmm? I did no such thing! I specifically said "THIS only saves SSH new password"

                      This

                      echo "password" | sudo pw usermod your_user -h 0
                      

                      saves no password whatsoever. Passwords are saved in config.xml which you completely bypass by your messing with shell. Period.

                      1 Reply Last reply Reply Quote 0
                      • R
                        rbarreto last edited by

                        Hi

                        I also need to change to webgui password from a script.

                        I'm working in one pfsense image to use with OpenStack.

                        For this reason, i need to change the both password to ssh and webgui. So the user-end may get the password from the retrieve password openstack function.

                        I'm using bsd-cloudinit[1]

                        This project was developed using python. In the script, it's already changing the ssh password with:

                        def set_user_password(self, username, password):
                                  pw_cmd = "echo " + password + " | pw usermod -n " + username + " -h 0"
                                  subprocess.check_call(pw_cmd, shell=True)

                        Therefore i need to integrate it to change the webgui password too.

                        I also tried to create a script to use the auth.inc, so i can use this api to the python script may to run it:

                        2.2.6-RELEASE][admin@firewall.novalocal]/root: cat test.php
                        #!/usr/local/bin/php -f
                        require("auth.inc");
                        $admin_user = "admin";
                        $password = "teste";
                        local_user_set_password($admin_user, $password);
                        local_user_set($admin_user);
                        ?>
                        [2.2.6-RELEASE][admin@firewall.novalocal]/root: php -f test.php

                        Warning: Illegal string offset 'password' in /etc/inc/auth.inc on line 520

                        Warning: Illegal string offset 'md5-hash' in /etc/inc/auth.inc on line 521

                        Warning: Illegal string offset 'nt-hash' in /etc/inc/auth.inc on line 532
                        [2.2.6-RELEASE][admin@firewall.novalocal]/root:

                        I kown that this is not the correct way to do, it was just a test. But everything that i tried to do at this time did not work.

                        I wonder if you guys could help me to figure out a way to change the webgui password from a command line without prompt

                        Thanks in advance

                        [1] http://pellaeon.github.io/bsd-cloudinit/

                        1 Reply Last reply Reply Quote 0
                        • H
                          heper last edited by

                          https://github.com/pfsense/pfsense/blob/master/src/etc/phpshellsessions/changepassword
                          

                          above is the code that runs when using  the CLI developers shell
                          @jimp:

                          Changing the password for the GUI admin user resets root also in the shell. Never try to manage the passwords directly in the command line using the OS tools like pw, passwd, etc.

                          On pfSense 2.2, you can use:

                          pfSsh.php playback changepassword admin
                          

                          It will prompt for a new password and confirm it.

                          enjoy

                          1 Reply Last reply Reply Quote 0
                          • R
                            rbarreto last edited by

                            Hi heper

                            Thank you for your response.

                            However, I need to do that with no prompt

                            I already tried like:

                            [2.2.6-RELEASE][admin@pfSense.localdomain]/root: ( echo password ; echo password ; echo exit) | pfSsh.php playback changepassword admin

                            Starting the pfSense developer shell….

                            Changing password for 'admin'.
                            New Password: stty: stdin isn't a terminal
                            stty: stdin isn't a terminal

                            Confirm New Password: stty: stdin isn't a terminal
                            stty: stdin isn't a terminal

                            [2.2.6-RELEASE][admin@pfSense.localdomain]/root:

                            but no success

                            Thank you

                            1 Reply Last reply Reply Quote 0
                            • H
                              heper last edited by

                              yes i know.
                              you'd need to make adjustments to allow for an additional password-argument ( https://github.com/pfsense/pfsense/blob/master/src/etc/phpshellsessions/changepassword#L8-L23 )
                              also would need to adjust some of the logic below so it stops prompting for a manual input ( https://github.com/pfsense/pfsense/blob/master/src/etc/phpshellsessions/changepassword#L34-L50 )

                              1 Reply Last reply Reply Quote 0
                              • R
                                rbarreto last edited by

                                Yes. Did work.

                                I comment the stty lines who were not allowing the change:

                                // If the user does exist, prompt for password
                                while (empty($password)) {
                                        echo gettext("New Password") . ": ";
                                        //exec('/bin/stty -echo');
                                        $password = trim(fgets($fp));
                                        //exec('/bin/stty echo');
                                        echo "\n";
                                }

                                // Confirm password
                                while (empty($confpassword)) {
                                        echo gettext("Confirm New Password") . ": ";
                                        //exec('/bin/stty -echo');
                                        $confpassword = trim(fgets($fp));
                                        //exec('/bin/stty echo');
                                        echo "\n";
                                }

                                So i got change the password for both ssh and webgui:

                                [2.2.6-RELEASE][admin@pfSense.localdomain]/root: ( echo admin ; echo password ; echo password ; echo exit ) | pfSsh.php playback changepassword

                                Starting the pfSense developer shell….

                                Enter username: Changing password for 'admin'. 
                                New Password:
                                Confirm New Password:
                                [2.2.6-RELEASE][admin@pfSense.localdomain]/root:

                                Thank you a lot

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post

                                Products

                                • Platform Overview
                                • TNSR
                                • pfSense
                                • Appliances

                                Services

                                • Training
                                • Professional Services

                                Support

                                • Subscription Plans
                                • Contact Support
                                • Product Lifecycle
                                • Documentation

                                News

                                • Media Coverage
                                • Press
                                • Events

                                Resources

                                • Blog
                                • FAQ
                                • Find a Partner
                                • Resource Library
                                • Security Information

                                Company

                                • About Us
                                • Careers
                                • Partners
                                • Contact Us
                                • Legal
                                Our Mission

                                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                Subscribe to our Newsletter

                                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                © 2021 Rubicon Communications, LLC | Privacy Policy