How do I encrypt a new user's password using the useradd command?

Question

I would like to create an encrypted login password for a new user while using the useradd command in the CLI. I know that using option -p will allow me to create a password, but using this option does not encrypt the password. I also know that I can create an encrypted password using the passwd [username] command separately after the new user has been created through useradd, but like I said, I would like to know how to create an encrypted password through the useradd command.

score 3 · Answer 1 · answered Apr 01 '16 at 04:01

You could skip the whole administrator-created-password user administration hassle by creating the userid, then using passwd --expire on it. From man passwd:

   -e, --expire
       Immediately expire an account's password. This in effect can force
       a user to change his/her password at the user's next login.

kos · Answer 2 · 2016-04-07T11:25:24.483

You could use Perl:

perl -e "print crypt(\"foo\", \"\$6\$$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)\$\")"

Or Python with the crypt module:

python -c "import crypt; print crypt.crypt(\"foo\", \"\$6\$$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)\$\")"

foo: the password to encrypt
$6: the encryption type, in this case SHA-512
$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32): the encryption salt, in this case a random 32 character string.

In conjunction with useradd:

useradd [...] -p"$(perl -e "print crypt(\"foo\", \"\$6\$$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)\$\")")" [...]

Or:

useradd [...] -p"$(python -c "import crypt; print crypt.crypt(\"foo\", \"\$6\$$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)\$\")")" [...]

score 1 · Answer 3 · answered Jan 15 '20 at 11:12

You can use "useradd -p ENCRYPTED-passwd", you need the whole password, including the definition of encryption type, and you need to escape any and all $'s, other than that it seems to works fine.

Simply create a random, disposable user, set their password to what you want to use, then copy their password from the shadow file, copy everything from the first to the second ":" in the shadow file, and use that after the -p.

score 1 · Answer 4 · answered Dec 31 '23 at 17:00

You could use openssl like so:

encrypted=`echo $password | openssl passwd -6 -stdin`

For security reasons, you may also want to clear the variable's value asap:

password=

Although I don't think that changes much of anything.

Finally use the encrypted variable on the useradd command line:

... --password "$encrypted" ...

Webermax · Answer 5 · 2016-04-14T20:25:54.977

1

Since passwd does not support --stdin in Ubuntu you could try this:

perl -e "print crypt('password','sa');"

see https://administratosphere.wordpress.com/2011/06/16/generating-passwords-using-crypt3/

edited Apr 14 '16 at 20:25

answered Apr 01 '16 at 12:25

Webermax

11

score 0 · Answer 6 · answered Aug 11 '22 at 04:00

The following worked for me w/Ubuntu 18.04 LTS:

echo 'your_password' > /tmp/pw.txt
pw="$(makepasswd --crypt-md5 --clearfrom=/tmp/pw.txt)"
sudo useradd -p "${pw}" your_username
rm -f /tmp/pw.txt

This may first require installing makepasswd using (on Ubuntu or Debian; google for other distros):

sudo apt install makepasswd

score 0 · Answer 7 · answered Dec 03 '24 at 17:27

0

The command to make a password encrypted is 'mkpasswd'.

With the password of "PASSWORD" you would run 'mkpasswd PASSWORD'.

useradd --password "$(mkpasswd PASSWORD)" <other flags and username here>

answered Dec 03 '24 at 17:27

why

101

How do I encrypt a new user's password using the useradd command?

7 Answers7

Linked