The Linux command line may be used to generate a very secure password. The example below shows how to generate a random password, reading from /dev/urandom and then ending up with a random string with enough random characters to be a secure enough password for a Linux user.
tr -dc "0-9A-Fa-f" < /dev/urandom | head -c 32 ; echo |
This example is even better. Even more special characters to make it even more secure.
(base) jason@jason-Lenovo-H50-55:~$ tr -dc "0-9A-Fa-f^%$#@&*^" < /dev/urandom | head -c 24 ; echo 1f5d6b6@^Db53dba*4dF@838 |
To generate a password string to paste into the /etc/shadow file, use openssl like this. You should not specify your password on the command line though, (because it is saved in shell history, and even if it’s deleted, it could still reside for some time in the free space of your disk, especially if you’re using a COW filesystem). You should not manually specify your salt at all. You can achieve this by simply using:
(base) jason@jason-Lenovo-H50-55:~$ openssl passwd -6 Password: Verifying - Password: $6$EHFUn.1S.m92Fw2s$KM2X0glGVp3aB0RA02TCl/0G.5g6HKxFmm403vEc9dzKWgA6r/l7.fq.oaWGYGMXt/iaULcnJaXcJjx2CUzbR/ |
(-6 specifies SHA512. Use -5 for SHA256. Avoid -1 for MD5, if possible.) OpenSSL will ask you for your password via stdin twice and generate a random salt for each input. This is a very easy way to create a Linux user password string.
Here is the password string in the /etc/shadow file.
mike:$6$g0SxsGHLK7hlnLqv$zugrNng8Sc3rWqmHBBH58CvSKYiVD6VFsKF9bhOX2Dnfbq6nShRLVQi8lFdamOGkhQf1Em7NJymWASn8rNAD.0:19303:0:99999:7::: |
This worked just fine on my Linux server, I added this user and then gave them a password string generated by the openssl utility. This is a very useful tip.