Generate secure password to userwith chpasswd

echo "encryptedpassword"|openssl passwd -1 -stdin

By: chmouel
2009-03-15 17:06:50

These Might Interest You

  • AIX lssec does not print the password attribute by policy # lssec -c -f /etc/security/passwd -s an_user -a password 3004-697 Attribute "password" is not valid. To get the password, you have to parse the /etc/security/passwd. You can reuse this password using chpasswd: echo "otheruser:D9oKC1v3VUt/I" | chpasswd -c -e -R compat Show Sample Output

    user=an_user awk "/^$user:\$/,/password =/ { if (\$1 == \"password\") { print \$3; } }" < /etc/security/passwd
    keymon · 2010-11-29 09:46:12 0
  • ZenCart uses a MD5 with a salt to secure its passwords. If you need to forcibly change someone's password to a known value within the database, this one-liner can generate the password. Change the value of 'p' to the password you want. Show Sample Output

    python -c 'p="SeCuR3PwD";import hashlib as h;s=h.md5(p).hexdigest()[:2];pw=h.md5(s+p).hexdigest();print pw+":"+s;'
    Xiol · 2011-10-16 18:49:08 1
  • According to the gpg(1) manual: --gen-random 0|1|2 count Emit count random bytes of the given quality level 0, 1 or 2. If count is not given or zero, an endless sequence of random bytes will be emitted. If used with --armor the output will be base64 encoded. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system! If your entropy pool is critical for various operations on your system, then using this command is not recommended to generate a secure password. With that said, regenerating entropy is as simple as: du -s / This is a quick way to generate a strong, base64 encoded, secure password of arbitrary length, using your entropy pool (example above shows a 30-character long password). Show Sample Output

    gpg --gen-random --armor 1 30
    atoponce · 2011-07-20 15:32:49 2
  • (Please see sample output for usage) script.bash is your script, which will be crypted to script.bash --> You can execute only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to ), but not enough space to do it on a one liner. Show Sample Output

    echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" >; sed -i s:XX:$(stat -c%s; gpg -c < script.bash >>; chmod +x
    rodolfoap · 2013-03-09 11:16:48 5

What Others Think

I take it you took the command from here, but you don't really know what's going on: Your description needs to be updated. You mention to generate secure passwords with 'chpasswd', but you're using openssl to create the hash. Then, with that hash, you could have explained how to use it with chpasswd, but you didn't. So, I'll do it for you: echo "test:$(echo password | openssl passwd -1 -stdin -salt abcde)" | sudo chpasswd -e
atoponce · 483 weeks and 6 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: