Nobody wants to have a plain text password laying around. I have generally needed hashed passwords for environment variables in virtual environments. Another possibility is settings a users password on your system, which will be demonstrated below. There are certainly many more use cases so having this knowledge can be useful for many.
It is fairly simple and can be done using the openssl command. This guide will walk you through the process of creating a hashed password, as well as how to use it to set a password for a user on your system. Let’s get to it.
Step 1: Generate a Random Salt
The first step in creating a hashed password is to generate a random salt. A salt is a random string of characters that is added to the password before it is hashed. This adds an additional layer of security to the password. To generate a random salt, open the terminal and use the following command:
openssl rand -base64 32
# Example Output
pCNgiQprrT/EmeE56254VnOJyGrky6VzRl7Hbxs4YmQ=Step 2: Hash your password
Once you have your salt, you can use the openssl passwd command to hash your password. Here's an example command:
openssl passwd -6 -salt <salt> <password>
# Example using WinnieTheP00h as the password
openssl passwd -6 -salt pCNgiQprrT/EmeE56254VnOJyGrky6VzRl7Hbxs4YmQ= WinnieTheP00h
# Output
$6$pCNgiQprrT/EmeE5$G7wa6wYm1FyuBHeVsuyH9IXGju07csuFwtrynslvSz6O.wFv4Ub8ADPqlBseewQQZQfp.9LCkWyodvJQjH.fe0Where “salt” is the salt that you generated in step 1 and “password” is the plain text password you want to hash. The “-6” flag specifies to use the SHA-512 algorithm.
The output of the above command will be the hashed password.
Step 3: Set the password for a user
With the hashed password and the salt, you can set the password for a user on your system. Here’s an example command:
usermod --password '$6$saltstring$hashedpassword' usernameWhere ‘$6$saltstring$hashedpassword’ is the hashed password generated in step 2 and “username” is the username of the user you want to set the password for.
Step 4: Verify the new password
Finally, to ensure the new password is set correctly and the user can login with the new password, you can use the following command:
passwd --status usernameWhere “username” is the username of the user.
A couple things to note:
- The “$6$” in the command is the prefix of the algorithm used to hash the password which is sha512 algorithm.
- This method is only for creating a hashed password and adding it to a user. If you wish to change a user’s password you should use the
passwdcommand and not this method.
By following these steps, you can easily create a hashed password using the openssl command and use it to set a password for a user on your system, or anything else you desire.
Thanks for reading and I hope you were able to learn something!
