Unix & Linux Asked on November 14, 2021
I need to manually edit /etc/shadow
to change the root password inside of a virtual machine image.
Is there a command-line tool that takes a password and generates an /etc/shadow
compatible password hash on standard out?
As many commenters have pointed out. Specifying your salt, let alone your password, is a security problem, because it makes reusing salts possible. Reuse of salts makes rainbow table attacks on your password hashes much more feasible, and it also makes it obvious which users share passwords with each other (isolating and highlighting likely less secure passwords such as 123456 or qwertyuiop).
You should not specify your password on the command line (because it is saved in shell history, and even if it's deleted, it could still reside for some time in the free space of your disk, especially if you're using a COW filesystem). You should not manually specify your salt at all. You can achieve this by simply using:
openssl passwd -6
(-6
specifies SHA512. Use -5
for SHA256. Avoid -1
for MD5, if possible.)
OpenSSL will ask you for your password via stdin twice, and generate a random salt for each input.
Answered by OmnipotentEntity on November 14, 2021
Currently, I don't have enough reputation to comment.I created this password generator tool . It uses method no 1 described by Rahul Patil.
Answered by Ammad Khalid on November 14, 2021
Expanding a bit on the criticisms of u150825 and Gert van den Berg, I found myself needing something relatively flexible for different situations with different automation systems. I decided I would add to my own little library of useful scripts and write this. It uses only native libraries from python 2.7+, and works on python3 just as well.
You can pick it up here if you like. It's just as easy to drop this in your environment if you're needing to use it a lot, http hosted or whatever, and you can run it on any platform using whatever the default python interpreter you've got available to you is, pretty reliably counting on it working.
It defaults to prompting using getpass with prompts on stderr (allowing easy capture of stdout), but if you pipe a string to it it'll just reap from stdin. Depending on how you're going about this, it may not be showing up in command history, either, so just be cognizant of what it is you're working with. I like having a flexible tool that'll behave in an expected way, rather than having to rely on packages or python one-lining my way to victory 10 different ways.
Answered by James Harmison on November 14, 2021
The openssl
and chpasswd -e
pair didn't work in my case in RHEL6. Combining openssl passwd
and usermod -p
command did the job.
Generate the hash value of the password along with the salt value:
$ openssl passwd -1 -salt 5RPVAd clear-text-passwd43
$1$5RPVAd$vgsoSANybLDepv2ETcUH7.
Then, copy the encrypted string to usermod. Make sure to wrap it with single quotes.
$ usermod -p '$1$5RPVAd$vgsoSANybLDepv2ETcUH7.' root
Check it out in shadow file.
$ grep root /etc/shadow
root:$1$5RPVAd$vgsoSANybLDepv2ETcUH7.:17774:0:99999:7:::
Answered by Joon Byun on November 14, 2021
None of the current methods are acceptable to me - They either pass the password on the command line (which ends up in my shell's history), require the installation of additional utilities (python3
, makepasswd
), use hard-coded salts or use old hashing techniques.
This method would generate SHA-512 hashes after prompting for the password and would use a random salt.
A method utilising Python 2 without any non-standard libraries:
python2 -c 'import crypt, getpass,os,base64; print crypt.crypt(getpass.getpass(), "$6$"+base64.b64encode(os.urandom(16))+"$")'
To do it without a prompt: (This will leave your password in the command history)
python2 -c 'import crypt, os,base64; print crypt.crypt("MyPassword", "$6$"+base64.b64encode(os.urandom(16))+"$")'
Answered by Gert van den Berg on November 14, 2021
Yet another method to generate passwords, is using the openssl
tool.
Generate MD5 passwords
openssl passwd -1 -salt SaltSalt SecretPassword
# output: $1$SaltSalt$FSYmvnuDuSP883uWgYBXW/
Generate DES passwords
openssl passwd -crypt -salt XR SuprScrt
# output: XR1dOp2EVMph2
Answered by Evgeny on November 14, 2021
This solution has the following benefits:
Re-prompts for the password to avoid mistakes.
$ python3 -c "from getpass import getpass; from crypt import *;
p=getpass(); print('n'+crypt(p, METHOD_SHA512))
if p==getpass('Please repeat: ') else print('nFailed repeating.')"
Answered by u150825 on November 14, 2021
For those without Debian based systems. Python3 works just as well.
python3 -c 'import crypt, getpass; print(crypt.crypt(getpass.getpass()))'
getpass.getpass()
will prompt you for a password on the command line.
Answered by Greg on November 14, 2021
On Ubuntu 12.04, there is mkpasswd (from the whois package): Overfeatured front end to crypt(3)
mkpasswd -m sha-512 -S saltsalt -s <<< YourPass
Where:
-m
= Compute the password using the TYPE method. If TYPE is help then the available methods are printed.-S
= salt used.E.g.
$ mkpasswd -m help
-s = Read password from stdin
Answered by user3183018 on November 14, 2021
You can use following commands for the same:
openssl passwd -6 -salt xyz yourpass
Note: passing -1
will generate an MD5 password, -5
a SHA256 and -6
SHA512 (recommended)
mkpasswd --method=SHA-512 --stdin
The option --method
accepts md5
, sha-256
and sha-512
As @tink suggested, we can update the password using chpasswd
using:
echo "username:password" | chpasswd
Or you can use the encrypted password with chpasswd
. First generate it using this:
perl -e 'print crypt("YourPasswd", "salt", "sha512"),"n"'
Then later you can use the generated password to update /etc/shadow
:
echo "username:encryptedPassWd" | chpasswd -e
The encrypted password we can also use to create a new user with this password, for example:
useradd -p 'encryptedPassWd' username
Answered by Rahul Patil on November 14, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP