You can use the following shell function to generate random password. The function use the combination of the following commands and files:
- /dev/urandom file – Linux kernel’s random number generator source/interface. A read from the /dev/urandom device will not block waiting for more entropy.
- tr command – Translate or delete characters. Used to remove unwanted characters from /dev/urandom.
- head command – Output the first part of files.
- xargs command – build and execute command lines from standard input/pipe.
Bash function to create random password
Edit ~/.bashrc file, enter:
$ vi $HOME/.bashrc
Append the following code:
genpasswd() { local l=$1 [ "$l" == "" ] && l=16 tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs } |
Save and close the file. Source ~/.bashrc again, enter:
$ source ~/.bashrc
To generate random password, enter:
$ genpasswd
Sample outputs:
WGtkhETPJFZ2mtZk
To generate 8 character long random password, enter:
$ genpasswd 8
Sample outputs:
oj7Wqvb
Linux Random Password Generator Command
- See how to use makepasswd> command to generate true random passwords by using the /dev/random feature of Linux.
- Man pages: bash(1),tr(1),head(1),xargs(1),urandom(4)
11 comment
Cool tip, the following command always worked for me:
openssl rand -base64 6
Thanks for the Tips, and cool blog too.
keep up the good work.
Debian / Ubuntu: sudo apt-get install pwgen
Centos / Redhat : yum –enablerepo=rpmforge install bind-utils secpwgen
Thanks for the tips…its work. ^_^
Well, the need for random password generation is an important topic, and your example of User-Defined Function is nice to know, but there is already a nice command for it! ;-D
It’s named [mkpasswd]
To get manual page, type in : man mkpasswd
MKPASSWD(1)
NAME
mkpasswd – Overfeatured front end to crypt(3)
SYNOPSIS
mkpasswd PASSWORD SALT
DESCRIPTION
mkpasswd encrypts the given password with the crypt(3) libc function using the given salt.
OPTIONS
-S, –salt=STRING
Use the STRING as salt. It must not contain prefixes such as $1$.
-R, –rounds=NUMBER
Use NUMBER rounds. This argument is ignored if the method choosen does not support variable rounds. For the
OpenBSD Blowfish method this is the logarithm of the number of rounds.
-m, –method=TYPE
Compute the password using the TYPE method. If TYPE is help then the available methods are printed.
-P, –password-fd=NUM
Read the password from file descriptor NUM instead of using getpass(3). If the file descriptor is not connected
to a tty then no other message than the hashed password is printed on stdout.
-s, –stdin
Like –password-fd=0.
For ubuntu i like to use apg
apt-get install apg
Then just run:
apg
The original example is very unsafe since all local users can see your password via the process list.
Details available in http://tech.slashdot.org/comments.pl?sid=2679771&cid=39091343
On Mac OS I have to add LC_TYPE in front of tr line e.g.
LC_CTYPE=C tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
This was to avoid this "Illegal byte sequence" issue http://nerdbynature.de/s9y/?176
Thanks for you solution.
Thanks, Sebastian! I was getting that error, too.
on mac this one not work for me
LC_CTYPE=C tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs"but if we change with LC_ALL can work
LC_ALL=C tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargsis xargs really necessary here?
also, for passwords no special chars is quick to hack, so I like to use ASCII chars 50 -172 (right after the quotes so that it doesn’t interfere with variable assignment.
tr -dc \\050-\\172 < /dev/urandom | head -c ${l}