Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Mini-script: Automatic Password Scrambler
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
Drusenija
n00b
n00b


Joined: 19 May 2006
Posts: 5

PostPosted: Fri May 19, 2006 1:30 pm    Post subject: Mini-script: Automatic Password Scrambler Reply with quote

For a server I'm building at the moment, my employer is particularly paranoid about security, and has insisted that all logins should be done via public/private keys, and that the actual passwords should be scrambled because they won't be needed. So I've written a little script that will automatically scramble a user's password ^^ Thought I'd share it here in case anyone else has a need for something like this.

Code:
#!/bin/bash

if [ $# -ne 2 ]
then
        echo "Syntax:"
        echo "$0 <user> <pwlen>"
else
        touch /tmp/usepw
        dd if=/dev/urandom of=/tmp/usepw bs=$2 count=1 2> /dev/null
        uuencode -m /tmp/usepw stdout | tail -n 2 | head -n 1 > /tmp/epwd
        usermod -p `cat /tmp/epwd` $1
        echo "$1's password has been scrambled to:"
        echo "  `cat /tmp/epwd`"
        rm -rf /tmp/usepw /tmp/epwd
fi


uuencode can be obtained by emerging sharutils if you don't have it. Basically it generates a random piece of garbage from /dev/urandom, then filters it through uuencode (using Base64 encoding with the -m option, since without it you occasionally get a : in the password which mucks up the password file!), and sets the user's new password with the usermod command. Interestingly enough, usermod already assumes the password is encrypted, so the string you see isn't the password anyway!

Disclaimer: Don't use this on your root account unless you have another way of logging in to it such as a public/private key pair! You may potentially render your root account useless.
_________________
The Game is Nothing,
The Playing of it Everything
Back to top
View user's profile Send private message
Kruegi
Guru
Guru


Joined: 09 Feb 2005
Posts: 406
Location: Clausthal-Zellerfeld; DE

PostPosted: Fri May 19, 2006 4:51 pm    Post subject: Reply with quote

I have a question: why didn't you just a set an invalid hash (*) value into /etc/shadow to prevent password login?

Thomas
Back to top
View user's profile Send private message
Drusenija
n00b
n00b


Joined: 19 May 2006
Posts: 5

PostPosted: Fri May 19, 2006 10:51 pm    Post subject: Reply with quote

Cause this was what the employer wanted, so unfortunately when they're the one paying you, you kinda have to do what they're asking for :)
_________________
The Game is Nothing,
The Playing of it Everything
Back to top
View user's profile Send private message
PabOu
Veteran
Veteran


Joined: 11 Feb 2004
Posts: 1073
Location: Hélécine - Belgium

PostPosted: Sat May 20, 2006 7:36 pm    Post subject: Re: Mini-script: Automatic Password Scrambler Reply with quote

Drusenija wrote:
Disclaimer: Don't use this on your root account unless you have another way of logging in to it such as a public/private key pair! You may potentially render your root account useless.


If you have lost your root password, you may boot with gentoo minimal install cd, mount your system, chroot into it (follow the official handbook to know how to do it), and the password for root won't be needed. Then you'll be able to change it to a new one.
_________________
Mangez du poulet !
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum