View previous topic :: View next topic |
Author |
Message |
Drusenija n00b
Joined: 19 May 2006 Posts: 5
|
Posted: Fri May 19, 2006 1:30 pm Post subject: Mini-script: Automatic Password Scrambler |
|
|
For a server I'm building at the moment, my employer is particularly paranoid about security, and has insisted that all logins should be done via public/private keys, and that the actual passwords should be scrambled because they won't be needed. So I've written a little script that will automatically scramble a user's password ^^ Thought I'd share it here in case anyone else has a need for something like this.
Code: | #!/bin/bash
if [ $# -ne 2 ]
then
echo "Syntax:"
echo "$0 <user> <pwlen>"
else
touch /tmp/usepw
dd if=/dev/urandom of=/tmp/usepw bs=$2 count=1 2> /dev/null
uuencode -m /tmp/usepw stdout | tail -n 2 | head -n 1 > /tmp/epwd
usermod -p `cat /tmp/epwd` $1
echo "$1's password has been scrambled to:"
echo " `cat /tmp/epwd`"
rm -rf /tmp/usepw /tmp/epwd
fi |
uuencode can be obtained by emerging sharutils if you don't have it. Basically it generates a random piece of garbage from /dev/urandom, then filters it through uuencode (using Base64 encoding with the -m option, since without it you occasionally get a : in the password which mucks up the password file!), and sets the user's new password with the usermod command. Interestingly enough, usermod already assumes the password is encrypted, so the string you see isn't the password anyway!
Disclaimer: Don't use this on your root account unless you have another way of logging in to it such as a public/private key pair! You may potentially render your root account useless. _________________ The Game is Nothing,
The Playing of it Everything |
|
Back to top |
|
|
Kruegi Guru
Joined: 09 Feb 2005 Posts: 406 Location: Clausthal-Zellerfeld; DE
|
Posted: Fri May 19, 2006 4:51 pm Post subject: |
|
|
I have a question: why didn't you just a set an invalid hash (*) value into /etc/shadow to prevent password login?
Thomas |
|
Back to top |
|
|
Drusenija n00b
Joined: 19 May 2006 Posts: 5
|
Posted: Fri May 19, 2006 10:51 pm Post subject: |
|
|
Cause this was what the employer wanted, so unfortunately when they're the one paying you, you kinda have to do what they're asking for _________________ The Game is Nothing,
The Playing of it Everything |
|
Back to top |
|
|
PabOu Veteran
Joined: 11 Feb 2004 Posts: 1088 Location: Hélécine - Belgium
|
Posted: Sat May 20, 2006 7:36 pm Post subject: Re: Mini-script: Automatic Password Scrambler |
|
|
Drusenija wrote: | Disclaimer: Don't use this on your root account unless you have another way of logging in to it such as a public/private key pair! You may potentially render your root account useless. |
If you have lost your root password, you may boot with gentoo minimal install cd, mount your system, chroot into it (follow the official handbook to know how to do it), and the password for root won't be needed. Then you'll be able to change it to a new one. _________________ Mangez du poulet ! |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|