Password

Create random passwords with OpenSSL/LibreSSL

For a quick way of generating random passwords we can use the OpenSSL utility, part of OpenSSL and LibreSSL.

Summary of Create random passwords with OpenSSL/LibreSSL

As system administrators, we know we sometimes have to create passwords. It might be for ourselves, or when creating them for colleagues and customers. For an easy and quick way of generating random passwords, we can use the OpenSSL utility, part of OpenSSL and LibreSSL. This toolkit is often already installed on systems running Linux. OpenSSL has a randomize function. If we feed the output through the base64 function, the scrambled set of characters can be made more human-friendly.

Read the full article…

How to test if an account has a password set?

Want to determine if a Linux account has a password set or its related properties? Here are few methods to check this and the steps to perform.

Summary of How to test if an account has a password set?

Sometimes you might want to check if an account on the system has a password set. One of the reasons is to disable those, so you can enforce that only SSH authentication might be used, for example. There are a few ways to see if a password is set. Using the passwd command The first command that comes to mind is using the passwd command. Normally you would use that to change your password, but it can actually also reveal useful details about existing accounts.

Read the full article…

Password Security with Linux /etc/shadow file

Learn the structure of the /etc/shadow file and what the underlying fields mean in this article. After reading, the file should be less cryptic than it was before.

Summary of Password Security with Linux /etc/shadow file

Linux systems use a password file to store accounts, commonly available as /etc/passwd. For additional safety measures, a shadow copy of this file is used which includes the passwords of your users. Or actually hashed password, for maximum security. An example of a password entry in /etc/shadow may look like this: user1:$6$6Y/fI1nx$zQJj6AH9asTNfhxV7NoVgxByJyE.rVKK6tKXiOGNCfWBsrTGY7wtC6Cep6co9eVNkRFrpK6koXs1NU3AZQF8v/:16092:0:99999:7::: For proper display, let’s split this up in several fields: user1 $6$6Y/fI1nx$zQJj6AH9asTNfhxV7NoVgxByJyE.rVKK6tK 16092 0 99999 7 Field explanations Time to have a look what all these strings mean:

Read the full article…