If you’re looking to generate the /etc/shadow
hash for a password for a Linux user (for instance: to use in a Puppet manifest), you can easily generate one at the command line.
$ openssl passwd -1 Password: Verifying - Password: $1$3JUKmV3R$vZVeb51f1t6QZUecwuRHX0
If you want to pass along a salt to your password;
$ openssl passwd -1 -salt yoursalt Password: $1$yoursalt$5WA5NN0quMJ62v5LCu8kj1
The above examples all prompt your password, so it won’t be visible in the history
of the server or in the process listing. If you want to directly pass the password as a parameter, use one of these examples.
$ openssl passwd -1 Password: Verifying - Password: $1$rr7ygbpo$v.zYy4J3/B73NF/qsrDZJ0 $ echo 'joske' | openssl passwd -1 -stdin $1$8HOL7Lpu$wYO7x5kUDw39GfQaVqelP/
By default, this will use an md5
algoritme for your password hash. The openssl
tool only allows for those md5
hashes, so if you’re looking for a more secure sha256
hash you can use this python script as shared by Red Hat.
$ python -c "import crypt; print crypt.crypt('joske')" $6$0LNgXS95nJv2B6hm$BRNf00hyT5xGNRnsLSSn3xDPXIs6l34g2kpex4mh0w/fvGz4MYs02qWjVU5NrbVktoNVNRsHU6MUTUua4J5nO0
There you go!