sslpasswd Command in Linux
sslpasswd is an OpenSSL tool that comes with a Linux system and is used to generate password hashes. It is typically used to create a hashed password to be used for safekeeping or as authentication. The hashing algorithms that it supports include the default crypt algorithm found in Unix, the MD5-based password hash found in BSD, and its Apache counterpart.
The main function of the sslpasswd command is to generate a hashed password. Hashes are used when storing plaintext passwords would represent a security risk. By hashing the passwords, a machine would be able to validate user credentials without ever exposing any valuable information.
Table of Contents
Here is a comprehensive guide to the options available with the sslpasswd command −
Syntax of sslpasswd Command
The syntax of sslpasswd command is simple and flexible −
openssl passwd [options] [password]
Where,
- options − Specify the type of hashing algorithm, salt, or some other configuration.
- password − The plain text password may be supplied directly or entered interactively.
sslpasswd Command Options
The sslpasswd command provides a variety of options enabling password hashing flexibility −
| Option | Description |
|---|---|
| -in infile | Read passwords from a given file so that each line is treated as a separate password to be hashed. |
| -noverify | No verification occurs when reading passwords directly from the terminal; this allows for faster input, particularly in scripting. |
| -stdin | Accepts passwords via standard input, conveniently for pipelines and automation. |
| -quiet | Suppresses warnings and only prints the hashed passwords without any additional output. |
| -table | Formats its output in a table for easy consumption when there are lots of passwords and their hashes supplied. |
| -reverse | When in table mode, reverses the column order, hashing first then passwords. |
| -6 | Use hash custom salt in hashing for randomness to improve security. |
| -5 | Uses the SHA256-based password algorithm, offering a strong yet slightly lighter alternative to SHA512. |
| -apr1 | MD5-based Apache password algorithm generally used to squirrel away files for web-server authentication in .htpasswd files. |
| -1 | MD5-based BSD password algorithm for hashing. |
| -rand val | Load the specified filename into the random number generator to enhance randomness for hashing or cryptographic purposes. |
| -writerand outfile | Write random data to a specified file for later purposes or cryptographic operations. |
| -provider-path val | Defines the path to load any providers necessary to carry out cryptographic operations. |
| -propquery val | Sets a property query to get an algorithm specified according to the criteria provided. |
| password | The plaintext password for hashing itself. On the other hand, if no password is specified, an interactive prompt is presented instead. |
Examples of sslpasswd Command in Linux
Below, we have seen some practical examples of the sslpasswd command in Linux −
- Generate a Password Hash Using Default Algorithm
- Use MD5-Based Algorithm
- Hash Multiple Passwords from a File
- Input Password Via Standard Input
- Output Password Hashes in a Table Format
Generate a Password Hash Using Default Algorithm
In the absence of any options, the openssl passwd command will hash a password using the default algorithm based on the crypt command.
openssl passwd password
The hashed output of a password will be produced using the aforementioned command. This output will mostly be stored in the respective authentication scheme securely.
Use MD5-Based BSD Algorithm
The -1 option specifies the MD5-based BSD password algorithm, producing a hash compatible with certain Unix-like systems.
openssl passwd -1 password
This method of hashing was largely used on systems that accept MD5 for authentication.
Hash Multiple Passwords From a File
The -in option reads plaintext passwords from a file, hashing each one.
openssl passwd -in passwords.txt
This is useful for batch processing, where you need to hash several passwords simultaneously.
Input Password Via Standard Input
For secure scripting or automation, you can pipe the password into the command using the -stdin option.
echo -n "password" | openssl passwd -stdin
This avoids exposing the password in the command line history, enhancing security during usage.
Output Password Hashes in a Table Format
To prepend the plaintext password to its hash in the output −
openssl passwd -table password
The -table option formats the output by including the plaintext password followed by its hash, separated by a tab. This is useful for debugging or verification.
Conclusion
sslpasswd is a crucial utility for securely creating hashed passwords under Linux. Its versatility, with its support for different algorithms and customizations, makes it the best-suited tool for various authentication settings.
The proper installation and use of OpenSSL provide strong security for sensitive user credentials. By implementing hashed passwords with proper system configuration, administrators can greatly improve the security practices.