How to generate random password using command-line

This time I want to show you how to generate random password using OpenSSL tool, common command-line utilities, Pasword Generator (pwgen) and Automated Pasword Generator (APG).

OpenSSL command-line tool

Use openssl command to generate number of pseudo-random bytes, perform base64 encoding and truncate the result to specified number of characters as it will be padded.

$ openssl rand -base64 16 | colrm 17
/gZDZfL54a+ugAOc
Note that you are limited to particular set of 64 characters (A–Z, a–z, 0–9, + and /) due to base64 encoding on the output.

Daily usage

Create Bash shell function to generate random password with defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    openssl rand -base64 $1 | colrm $(expr $1 + 1)) 2>&-;
};

Alternatively, extend it for pretty and colourful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(openssl rand -base64 $1 | colrm $(expr $1 + 1));
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
q/Hn7DfCBuPO1GYHHnFi

Basic shell utilities

Print the first 10 lines from the kernel's random number generator, remove all non printable characters including space, wrap each line to fit in specified width, delete last line as it can be shorter and print random line.

$ head /dev/urandom | tr -dc '[:graph:]' | fold -w16 | sed '$d' | shuf -n1
~Zxk[jox0nC06.w#

Daily usage

Create Bash shell function to generate random password with defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    head /dev/urandom | tr -dc '[:graph:]' | fold -w$1 | sed '$d' | shuf -n1) 2>&-;
};

Alternatively, extend it for pretty and colourful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(head /dev/urandom | tr -dc '[:graph:]' | fold -w$1 | sed '$d' | shuf -n1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
PE5%6!GJ]7RBP$#QI4C|

Password Generator

Installation

Install pwgen - Password Generator using the following command.

$ sudo apt-get install pwgen

Basic usage

Use pwgen command to generate secure password.

$ pwgen -s -N 1 -cny 20
sRk]C^oChJ3Veo/G^rro    

Description and purpose of parameters.

-sGenerate completely random, hard-to-memorize password.
-N 1Generate only one password.
-cnyRequire c capital letters, n numbers and y symbols.
20Password length is set to 20 characters.

Read the manual page.

$ man pwgen

Daily usage

Create Bash shell function to generate random password with defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    pwgen -s -N 1 -cny $1) 2>&-;
};

Alternatively, extend it for pretty and colourful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(pwgen -s -N 1 -cny $1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
W76k}bt+Cb,deLZN2P-x

Automated Pasword Generator

Installation

Install APG - Automated Pasword Generator using the following command.

$ sudo apt-get install apg

Basic usage

Use apg command to generate secure password.

$ apg -m 20 -x 1 -M SNCL -a 1 -n 1
$7(u23~ez>s`PlWcsm5C

Description and purpose of parameters.

-m 20Minimum password length is set to 20 characters.
-x 1Maximum password length. It is shorter then previous value, so it is assumed to be equal the minimum password length.
-M SNCLRequire S symbols, N numbers, C capital letters and L small letters.
-a 1Use random character password generation instead of pronounceable ones.
-n 1Generate only one password.

Read the manual page.

$ man pwgen

Daily usage

Create Bash shell function to generate random password with defined length.

generate_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    apg -m $1 -x 1 -M SNCL -a 1 -n 1) 2>&-;
};

Alternatively, extend it for pretty and colourful output.

generate_colourful_password() {
  ((test -n "$1" && test "$1" -ge 0) && \
    password=$(apg -m $1 -x 1 -M SNCL -a 1 -n 1);
    while read -n1 character; do
      case $character in
        [0-9]) echo -n $(tput setaf 4)${character}$(tput sgr0) ;;
        [a-Z]) echo -n $(tput setaf 1)${character}$(tput sgr0) ;;
        *) echo -n $(tput setaf 2)${character}$(tput sgr0) ;;
      esac
    done < <(echo -n "$password");
    echo;
  ) 2>&-;
};

Create an alias and store it alongside the preceding function inside ~/.bashrc file.

alias gen_pass=generate_colourful_password
$ gen_pass 20
x`y5d&lRTMYr@}x8tW'{

Additional notes

Feel free to inspect other solutions.

$ apt-cache search password | grep -v lib | grep -i -e "generat[e|or]" -e "manage"  
apg - Automated Password Generator - Standalone version
aptdaemon - transaction based package management service
assword - Simple and secure password management and retrieval system.
cewl - custom word list generator
cpm - Curses based password manager using PGP-encryption
cryptmount - Management of encrypted file systems
gpw - Trigraph Password Generator
gringotts - secure password and data storage manager
kedpm - KED Password Manager
kedpm-gtk - KED Password Manager
keepass2 - Password manager
keepass2-doc - Password manager - Documentation
keepassx - Cross Platform Password Manager
keychain - key manager for OpenSSH
kpcli - command line interface to KeePassX password manager databases
kwalletmanager - secure password wallet manager
makepasswd - Generate and encrypt passwords
otp - Generator for One Time Pads or Passwords
pasaffe - Password manager for GNOME
pass - lightweight directory-based password manager
password-gorilla - cross-platform password manager
prayer-accountd - account management daemon for Prayer
pwman3 - console password management application
python-smbpasswd - This module can generate both LANMAN and NT password hashes
revelation - GNOME2 Password manager
sympa - Modern mailing list manager
sysrqd - small daemon intended to manage Linux SysRq over network
trac-accountmanager - account management plugin for Trac
trocla - generate and store passwords and certificates on a central server
tuxcmd-modules - VFS modules for tuxcmd file manager
usermode - Graphical tools for certain user account management tasks
xdm - X display manager
xul-ext-form-history-control - extension to manage form history
xul-ext-password-editor - edit password manager entries in Mozilla applications
yubikey-neo-manager - YubiKey NEO management graphical user interface
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a system administrator working for a successful Polish company and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu