What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

UpGuard checks and validates configurations for every major OS, network device, and cloud provider.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:



May 19, 2015 - A Look At The New Commandlinefu
I've put together a short writeup on what kind of newness you can expect from the next iteration of clfu. Check it out here.
March 2, 2015 - New Management
I'm Jon, I'll be maintaining and improving clfu. Thanks to David for building such a great resource!

Top Tags



Commands tagged password from sorted by
Terminal - Commands tagged password - 43 results
openssl rand -base64 12
2011-07-06 17:48:26
User: Mozai
Tags: password

Another password maker, for human-unfriendly passwords. '-base64' output will make sure it it can be typed on a keyboard, though the output string length will always be a multiple of 4.

pwdadm -f ADMCHG [user]
2011-04-28 02:22:03
User: mack

This command is AIX compatible.

It will prompt the user for a new password at next logon

chage -d 0 -m 0 -M 60 [user]
2011-04-28 02:19:59
User: mack
Functions: chage

This command is Linux compatible.

It will prompt the user for a new password at next logon

for i in {21..79};do echo -e "\x$i";done | tr " " "\n" | shuf | tr -d "\n"
env LC_CTYPE=C tr -dc "a-zA-Z0-9-_\$\?" < /dev/urandom | head -c 10
2011-02-22 17:09:44
User: aerickson
Functions: env head tr



fixes a problem with bad bytes in /dev/urandom on Mac OS X

let NOW=`date +%s`/86400 ; PASS_LAST_CHANGE=`grep $USER /etc/shadow | cut -d: -f3` ; PASS_LIFE=`grep $USER /etc/shadow | cut -d: -f5`; DAYS_LEFT=$(( PASS_LAST_CHANGE + PASS_LIFE - NOW)) ; echo $DAYS_LEFT
2010-11-05 23:03:48
User: EBAH
Functions: cut echo

This works only with GNU date.

In solaris the command:

date +%s

doesn't work.

You can try using the following instead:

nawk 'BEGIN {print srand()}'

should give the same output as date +%s under Solaris.

makepasswd --char=32
2010-09-29 06:01:32
User: zed

A more robust password creation utility

# Create passwords in batch

makepasswd --char=32 --count=10

# To learn more about the options you can use

man makepasswd
useradd -m -p $(perl -e'print crypt("pass", "mb")') user
2010-09-03 19:00:56
User: mariusbutuc
Functions: perl useradd

Function: char * crypt (const char *key, const char *salt)

The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.

The salt parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a salt, an intruder can make a guess, run crypt on it once, and compare the result with all the passwords. With a salt, the intruder must run crypt once for each different salt.

For the MD5-based algorithm, the salt should consist of the string $1$, followed by up to 8 characters, terminated by either another $ or the end of the string. The result of crypt will be the salt, followed by a $ if the salt didn't end with one, followed by 22 characters from the alphabet ./0-9A-Za-z, up to 34 characters total. Every character in the key is significant.

For the DES-based algorithm, the salt should consist of two characters from the alphabet ./0-9A-Za-z, and the result of crypt will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the key are significant.

perl -MDigest::SHA -e 'print substr( Digest::SHA::sha256_base64( time() ), 0, $ARGV[0] ) . "\n"' <length>
2010-04-30 21:45:46
User: udog
Functions: perl

Of course you will have to install Digest::SHA and perl before this will work :)

Maximum length is 43 for SHA256. If you need more, use SHA512 or the hexadecimal form: sha256_hex()

set-proxy () { P=webproxy:1234; DU="fred"; read -p "username[$DU]:" USER; printf "%b"; UN=${USER:-$DU}; read -s -p "password:" PASS; printf "%b" "\n"; export http_proxy="http://${UN}:${PASS}@$P/"; export ftp_proxy="http://${UN}:${PASS}@$P/"; }
2010-02-04 13:12:59
User: shadycraig
Functions: export printf read set

Prompts the user for username and password, that are then exported to http_proxy for use by wget, yum etc

Default user, webproxy and port are used.

Using this script prevent the cleartext user and pass being in your bash_history and on-screen

openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopy
2009-12-29 17:18:25
User: _eirik
Functions: cut tr

eliminates "l" and "o" characters change length by changing 'x' here: cut -c 1-x

openssl rand -base64 6
pwgen -Bs 10 1
2009-12-01 14:33:51

-B flag = don't include characters that can be confused for other characters (this helps when you give someone their password for the first time so they don't cause a lockout with, for example, denyhosts or fail2ban)

-s flag = make a "secure", or hard-to-crack password

-y flag = include special characters (not used in the example because so many people hate it -- however I recommend it)

"1 10" = output 1 password, make it 10 characters in length

For even more secure passwords please use the -y flag to include special characters like so:

pwgen -Bsy 10 1

output>> }&^Y?.>7Wu

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3
2009-10-03 03:50:46
User: berot3

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL

"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"

openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar
randpw(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;}
2009-08-07 07:30:57
User: frozenfire
Functions: head tr

Generates password consisting of alphanumeric characters, defaults to 16 characters unless argument given.

pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
2009-05-07 14:49:56
User: denzuko

From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/.

What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no?

You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com.

vim -x <FILENAME>
2009-05-05 23:24:17
User: denzuko
Functions: vim

While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format.

For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption

echo "A great password" | md5sum
2009-04-24 14:32:56
User: ubersoldat
Functions: echo

You can also use sha1sum and variants for longer passwords