I'm running into trouble trying to set passwords for my new users.
I found a tutorial indicating that mkpasswd -m sha-512 "my password here"
would produce a salted and hashed password that can be used in combination with useradd -m -p "hashed and salted passwd" -s /bin/bash username
, however when I tried this on a test user, I keep receiving Incorrect Login
.
I am running Ubuntu 16.04 and using mkpasswd
from the whois
package.
What am I doing wrong here?
Exact Steps
1) apt update
2) apt install whois
3) mkpasswd -m sha-512 "my password here"
produces: $6$1FuuSdKgVke$bc8doOVGZhzomoeafvcQnpYhAxfR4aWdAuYvbxSHw6ZCFZ4NC5j9C762kmvs4Pc66bv4.LYTfrlknm5cWx65g.
4) useradd -m -p $6$1FuuSdKgVke$bc8doOVGZhzomoeafvcQnpYhAxfR4aWdAuYvbxSHw6ZCFZ4NC5j9C762kmvs4Pc66bv4.LYTfrlknm5cWx65g. -s /bin/bash testuser
5) login testuser
Prompts for password:
6) type my password here
Says: Login incorrect
Would like to add that I tried the same thing with a password that has no spaces, and omitted the quotes from the mkpasswd
command. Neither seemed to make a difference.
I also tried to make the user without the -p flag (meaning don't add a password) and manually copied the salted/hashed password into /etc/shadow
which produces the same results as above, Login incorrect.
Even more interesting, if I use a subshell to put the value in, everything seems to work fine.
useradd -m -p $(mkpasswd -m sha-512 "my password") -s /bin/bash test
login test
type: my password
Logs in just fine!
Best Answer
Okay, I locked down the issue. Since the output of
mkpassword
will result in$id$salt$hash
, when you copy and paste this into auseradd
command, bash will try and do variable replacement on the$
. As such, those need to be escaped using\$id\$salt\$hash
so that bash will not do variable replacement before adding the string to/etc/shadow
.mkpasswd -m sha-512 "my password"
results in$6$5AfGzrQ9u$r6Q7Vt6h8f2rr4TuW4ZA22m6/eoQh9ciwUuMDtVBX31tR3Tb0o9EB1eBdZ2L9mvT.pX3dIEfxipMoQ0LtTR3V1
which can be copied and pasted into
useradd
making sure to replace each$
with\$
.useradd -m -s /bin/bash -p \$6\$5AfGzrQ9u\$r6Q7Vt6h8f2rr4TuW4ZA22m6/eoQh9ciwUuMDtVBX31tR3Tb0o9EB1eBdZ2L9mvT.pX3dIEfxipMoQ0LtTR3V1