Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands tagged password from sorted by
Terminal - Commands tagged password - 43 results
pwdadm -f ADMCHG [user]
2011-04-28 02:22:03
User: mack
0

This command is AIX compatible.

It will prompt the user for a new password at next logon

chage -d 0 -m 0 -M 60 [user]
2011-04-28 02:19:59
User: mack
Functions: chage
0

This command is Linux compatible.

It will prompt the user for a new password at next logon

for i in {21..79};do echo -e "\x$i";done | tr " " "\n" | shuf | tr -d "\n"
env LC_CTYPE=C tr -dc "a-zA-Z0-9-_\$\?" < /dev/urandom | head -c 10
2011-02-22 17:09:44
User: aerickson
Functions: env head tr
0

Prepending

env LC_CTYPE=C

fixes a problem with bad bytes in /dev/urandom on Mac OS X

let NOW=`date +%s`/86400 ; PASS_LAST_CHANGE=`grep $USER /etc/shadow | cut -d: -f3` ; PASS_LIFE=`grep $USER /etc/shadow | cut -d: -f5`; DAYS_LEFT=$(( PASS_LAST_CHANGE + PASS_LIFE - NOW)) ; echo $DAYS_LEFT
2010-11-05 23:03:48
User: EBAH
Functions: cut echo
0

This works only with GNU date.

In solaris the command:

date +%s

doesn't work.

You can try using the following instead:

nawk 'BEGIN {print srand()}'

should give the same output as date +%s under Solaris.

makepasswd --char=32
2010-09-29 06:01:32
User: zed
-1

A more robust password creation utility

# Create passwords in batch

makepasswd --char=32 --count=10

# To learn more about the options you can use

man makepasswd
useradd -m -p $(perl -e'print crypt("pass", "mb")') user
2010-09-03 19:00:56
User: mariusbutuc
Functions: perl useradd
0

Function: char * crypt (const char *key, const char *salt)

The crypt function takes a password, key, as a string, and a salt character array which is described below, and returns a printable ASCII string which starts with another salt. It is believed that, given the output of the function, the best way to find a key that will produce that output is to guess values of key until the original value of key is found.

The salt parameter does two things. Firstly, it selects which algorithm is used, the MD5-based one or the DES-based one. Secondly, it makes life harder for someone trying to guess passwords against a file containing many passwords; without a salt, an intruder can make a guess, run crypt on it once, and compare the result with all the passwords. With a salt, the intruder must run crypt once for each different salt.

For the MD5-based algorithm, the salt should consist of the string $1$, followed by up to 8 characters, terminated by either another $ or the end of the string. The result of crypt will be the salt, followed by a $ if the salt didn't end with one, followed by 22 characters from the alphabet ./0-9A-Za-z, up to 34 characters total. Every character in the key is significant.

For the DES-based algorithm, the salt should consist of two characters from the alphabet ./0-9A-Za-z, and the result of crypt will be those two characters followed by 11 more from the same alphabet, 13 in total. Only the first 8 characters in the key are significant.

perl -MDigest::SHA -e 'print substr( Digest::SHA::sha256_base64( time() ), 0, $ARGV[0] ) . "\n"' <length>
2010-04-30 21:45:46
User: udog
Functions: perl
1

Of course you will have to install Digest::SHA and perl before this will work :)

Maximum length is 43 for SHA256. If you need more, use SHA512 or the hexadecimal form: sha256_hex()

php -r 'echo md5("password") . "\n";'
set-proxy () { P=webproxy:1234; DU="fred"; read -p "username[$DU]:" USER; printf "%b"; UN=${USER:-$DU}; read -s -p "password:" PASS; printf "%b" "\n"; export http_proxy="http://${UN}:${PASS}@$P/"; export ftp_proxy="http://${UN}:${PASS}@$P/"; }
2010-02-04 13:12:59
User: shadycraig
Functions: export printf read set
1

Prompts the user for username and password, that are then exported to http_proxy for use by wget, yum etc

Default user, webproxy and port are used.

Using this script prevent the cleartext user and pass being in your bash_history and on-screen

openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-8 | pbcopy
2009-12-29 17:18:25
User: _eirik
Functions: cut tr
-3

eliminates "l" and "o" characters change length by changing 'x' here: cut -c 1-x

openssl rand -base64 6
pwgen -Bs 10 1
2009-12-01 14:33:51
14

-B flag = don't include characters that can be confused for other characters (this helps when you give someone their password for the first time so they don't cause a lockout with, for example, denyhosts or fail2ban)

-s flag = make a "secure", or hard-to-crack password

-y flag = include special characters (not used in the example because so many people hate it -- however I recommend it)

"1 10" = output 1 password, make it 10 characters in length

For even more secure passwords please use the -y flag to include special characters like so:

pwgen -Bsy 10 1

output>> }&^Y?.>7Wu

openssl des3 -salt -in unencrypted-data.tar -out encrypted-data.tar.des3
2009-10-03 03:50:46
User: berot3
3

The lifehacker way: http://lifehacker.com/software/top/geek-to-live--encrypt-your-data-178005.php#Alternate%20Method:%20OpenSSL

"That command will encrypt the unencrypted-data.tar file with the password you choose and output the result to encrypted-data.tar.des3. To unlock the encrypted file, use the following command:"

openssl des3 -d -salt -in encrypted-data.tar.des3 -out unencrypted-data.tar
randpw(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;}
2009-08-07 07:30:57
User: frozenfire
Functions: head tr
3

Generates password consisting of alphanumeric characters, defaults to 16 characters unless argument given.

pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
2009-05-07 14:49:56
User: denzuko
0

From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/.

What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no?

You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com.

vim -x <FILENAME>
2009-05-05 23:24:17
User: denzuko
Functions: vim
63

While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format.

For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption

echo "A great password" | md5sum
2009-04-24 14:32:56
User: ubersoldat
Functions: echo
-5

You can also use sha1sum and variants for longer passwords