Categories
SecOps

How to generate random password using command-line

I will show you how to generate a random password using the OpenSSL utility, standard command-line utilities, Password Generator (pwgen), and Automated Password Generator (APG).

OpenSSL command-line tool

Use openssl command to generate a number of pseudo-random bytes, perform base64 encoding and truncate the result to a specified number of characters as it will be padded.

$ openssl rand -base64 16 | colrm 17
/gZDZfL54a+ugAOc
Note that you are limited to a particular set of 64 characters (A–Z, a–z, 0–9, + and /) due to base64 encoding on the output.

Daily usage

Create a Bash shell function to generate a random password with a defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) &&
    openssl rand -base64 $1 | colrm $(expr $1 + 1)) 2>&-;
};

Alternatively, extend it for pretty and colorful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(openssl rand -base64 $1 | colrm $(expr $1 + 1));
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
q/Hn7DfCBuPO1GYHHnFi

Basic shell utilities

Print the first 10 lines from the kernel’s random number generator, remove all non-printable characters including space, wrap each line to fit in specified width, delete the last line as it can be shorter, and print a random line.

$ head /dev/urandom | tr -dc '[:graph:]' | fold -w16 | sed '$d' | shuf -n1
~Zxk[jox0nC06.w#

Daily usage

Create a Bash shell function to generate a random password with a defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    head /dev/urandom | tr -dc '[:graph:]' | fold -w$1 | sed '$d' | shuf -n1) 2>&-;
};

Alternatively, extend it for pretty and colorful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(head /dev/urandom | tr -dc '[:graph:]' | fold -w$1 | sed '$d' | shuf -n1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
PE5%6!GJ]7RBP$#QI4C|

Password Generator

Installation

Install pwgen – Password Generator using the following command.

$ sudo apt-get install pwgen

Basic usage

Use pwgen command to generate a secure password.

$ pwgen -s -N 1 -cny 20
sRk]C^oChJ3Veo/G^rro

Description and purpose of parameters.

-s Generate a completely random, hard-to-memorize password.
-N 1 Generate only one password.
-cny Require c capital letters, n numbers and y symbols.
20 Password length is set to 20 characters.

Read the manual page.

$ man pwgen

Daily usage

Create a Bash shell function to generate a random password with a defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    pwgen -s -N 1 -cny $1) 2>&-;
};

Alternatively, extend it for pretty and colorful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(pwgen -s -N 1 -cny $1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
W76k}bt+Cb,deLZN2P-x

Automated Password Generator

Installation

Install APG – Automated Password Generator using the following command.

$ sudo apt-get install apg

Basic usage

Use apg command to generate a secure password.

$ apg -m 20 -x 1 -M SNCL -a 1 -n 1
$7(u23~ez>s`PlWcsm5C

Description and purpose of parameters.

-m 20 Minimum password length is set to 20 characters.
-x 1 Maximum password length. It is shorter than the previous value, so it is assumed to be equal to the minimum password length.
-M SNCL Require S symbols, N numbers, C capital letters and L small letters.
-a 1 Use random character password generation instead of pronounceable ones.
-n 1 Generate only one password.

Read the manual page.

$ man pwgen

Daily usage

Create a Bash shell function to generate a random password with a defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    apg -m $1 -x 1 -M SNCL -a 1 -n 1) 2>&-;
};

Alternatively, extend it for pretty and colorful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(apg -m $1 -x 1 -M SNCL -a 1 -n 1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
x`y5d&lRTMYr@}x8tW'{

Additional notes

Feel free to inspect other solutions.

$ apt-cache search password | grep -v lib | grep -i -e "generat[e|or]" -e "manage"
apg - Automated Password Generator - Standalone version
aptdaemon - transaction based package management service
assword - Simple and secure password management and retrieval system.
cewl - custom word list generator
cpm - Curses based password manager using PGP-encryption
cryptmount - Management of encrypted file systems
gpw - Trigraph Password Generator
gringotts - secure password and data storage manager
kedpm - KED Password Manager
kedpm-gtk - KED Password Manager
keepass2 - Password manager
keepass2-doc - Password manager - Documentation
keepassx - Cross Platform Password Manager
keychain - key manager for OpenSSH
kpcli - command line interface to KeePassX password manager databases
kwalletmanager - secure password wallet manager
makepasswd - Generate and encrypt passwords
otp - Generator for One Time Pads or Passwords
pasaffe - Password manager for GNOME
pass - lightweight directory-based password manager
password-gorilla - cross-platform password manager
prayer-accountd - account management daemon for Prayer
pwman3 - console password management application
python-smbpasswd - This module can generate both LANMAN and NT password hashes
revelation - GNOME2 Password manager
sympa - Modern mailing list manager
sysrqd - small daemon intended to manage Linux SysRq over network
trac-accountmanager - account management plugin for Trac
trocla - generate and store passwords and certificates on a central server
tuxcmd-modules - VFS modules for tuxcmd file manager
usermode - Graphical tools for certain user account management tasks
xdm - X display manager
xul-ext-form-history-control - extension to manage form history
xul-ext-password-editor - edit password manager entries in Mozilla applications
yubikey-neo-manager - YubiKey NEO management graphical user interface