How To Linux Set or Change User Password
Linux Set User Password
Type the following passwd command to change your own password:
$ passwd
Sample Outputs:
The user is first prompted for his/her old password if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The super user is permitted to bypass this step so that forgotten passwords may be changed. A new password is tested for complexity. As a general guideline, passwords should consist of 10 to 20 characters including one or more from each of the following sets:
- Lower case alphabetics
- Upper case alphabetics
- Digits 0 thru 9
- Punctuation marks/special characters
Linux change password for other user account
You need to log in as the root user. Type the following command to change the password for user vivek:
# passwd vivek
OR
$ sudo passwd vivek
Sample output:
- vivek: the username or account name.
Passwords do not display to the screen when you enter them. For example:
Linux changing user password using passwd
Linux Change Group Password
When the -g option is used, the password for the named group is changed. In this example, we change the password for the group sales:
# passwd -g sales
The current group password is not prompted for. The -r option is used with the -g option to remove the current password from the named group. This allows group access to all members. The -R option is used with the -g option to restrict the named group for all users.
Changing user passwords on Linux
As a Linux system administrator (sysadmin) you can change the password for any user on your server. To change a password on behalf of a user:
- First sign on or “su” or “sudo” to the “root” account on Linux. Run: sudo -i
- Then type passwd tom to change the password for the user tom
- The system will prompt you to enter a password twice
To change or set a new root (superuser) password type:
$ sudo passwd
Forcing Linux user to change password at their next login
By default, Linux passwords never expire for users. However, we can force users to change their password the next time they log in via GUI or CLI methods. The syntax is straightforward:
$ sudo passwd -e userNameHere
$ sudo passwd --expire userNameHere
Let us immediately expire an account’s password:
$ sudo passwd -e marlena
The system will confirm it:
When the user tries to log in via the ssh command, they will see the following on screen:
Locking and Unlocking user password of the named account
Note that the following local command does not disable the account. The user may still be able to log in using another authentication token, such as an SSH key. To disable the account, administrators should use either usermod --expiredate 1
We can lock the password as follows:
$ sudo passwd -l userNameHere
This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ! at the beginning of the password in the /etc/shadow file). To unlock the password, try:
$ sudo passwd -u userNameHere
The above command option re-enables a password by changing the password back to its previous value. In other words, to the value before using the -l option.
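To check which of the two states an account is in, the password and expiry fields of /etc/shadow can be classified as below. This is an added example, not part of the original tutorial; the function names and the sample lines (with fake hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. SAMPLE_SHADOW is constructed
# data in /etc/shadow layout; the hashes are fake.
SAMPLE_SHADOW='tom:$6$fakesalt$fakehash:19000:0:99999:7:::
marlena:!$6$fakesalt$fakehash:19000:0:99999:7:::
backup:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
olduser:!$6$fakesalt$fakehash:19000:0:99999:7::1:'

# Read shadow-format lines on stdin; print "user password=STATE account=STATE".
#   password: set      a usable hash is stored
#             locked   "!" in front of the old hash, as passwd -l leaves it
#             unusable "*", "!" or "!!" with no hash behind it
#             empty    no password required
#   account:  expired when field 8 (days since 1970-01-01) is in the past,
#             which is what usermod --expiredate 1 produces
classify_shadow() {
    awk -F: -v today="$(( $(date +%s) / 86400 ))" '
    {
        pw = $2
        if (pw == "")                       p = "empty"
        else if (pw == "*" || pw ~ /^!+$/)  p = "unusable"
        else if (pw ~ /^!/)                 p = "locked"
        else                                p = "set"
        a = ($8 != "" && $8 + 0 <= today) ? "expired" : "active"
        print $1, "password=" p, "account=" a
    }'
}

# Users whose password is locked while the account itself is still active:
# the case the note above warns about, since an SSH key may still work.
locked_but_active() {
    classify_shadow |
        awk '$2 == "password=locked" && $3 == "account=active" { print $1 }'
}

# Demo on the constructed sample. On a real host, run as root:
#   locked_but_active < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow
```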
A note about setting up a secure Linux password
Compromises in password security typically result from careless password selection. Avoid common passwords such as:
- Words which appear in a dictionary
- Your first and last name
- Pet names
- Kids or spouses names
- License number
- Date of birth (DoB)
- Home or office address
I strongly recommend that you generate a unique password for all user accounts using your chosen password manager.
Conclusion
The passwd command-line utility is used to update or change a user’s password. The encrypted password is stored in the /etc/shadow file and account information is in the /etc/passwd file. To see all user accounts, try the grep command or cat command as follows:
$ cat /etc/passwd
$ grep '^userNameHere' /etc/passwd
$ grep '^tom' /etc/passwd
The guidance given in this quick tutorial should work with any Linux distribution, including Alpine, Arch, Ubuntu, Debian, RHEL, Fedora, Oracle CentOS, SUSE/OpenSUSE and other popular Linux distros.
How to manage passwords from the command line on Linux
Last updated on October 14, 2020 by Dan Nanni
With password-based authentication so prevalent online these days, you may need or already use some sort of password management tool to keep track of all the passwords you are using. There are various online or offline services or software tools for that matter, and they vary in terms of their sophistication, user interface or target environments (e.g., enterprises or end users). For example, there are a few GUI-based password managers for end users, such as KeePass(X).
For those of you who do not want any kind of GUI dependency for password management, I will describe how to manage passwords from the command line by using pass, a simple command-line utility for password management.
The pass utility is in fact a shell script frontend which uses several other tools (e.g., gpg, pwgen, git, xsel) to manage user’s password info using OpenPGP. Each password is encrypted with gpg utility, and stored in a local password store. Password info can be retrieved either via terminal or self-clearing clipboard interface.
The pass utility is quite flexible and extremely simple to use. You can store each password info in an OpenPGP-protected plain text file, and group different password files into multiple categories. It supports bash auto completion feature, so it is very convenient to fill in commands or long password names using TAB key.
Install pass on Linux
For Ubuntu, Debian or Linux Mint:
For Fedora:
For CentOS/RHEL:
For Arch Linux:
Initialize Local Password Store
Before using the pass utility, you need to do a one-time initialization step which involves creating a GPG key pair (if you don’t have one) and a local password store.
First, create a GPG key pair (i.e., public/private keys) as follows. If you already have your own GPG key pair, you can skip this step.
It will ask you a series of questions as shown below. If you are not sure, you can accept default answers. As part of key generation, you will set a passphrase for your secret key, which is essentially the master password required to access any password info stored in local password store. A successfully generated key pair will be stored in
Next, initialize the local password store by running the following command. For , enter the email address associated with your GPG key created above.
This command will create a password store under
Manage Passwords from a Terminal with pass
1. Insert new password info
To insert new password info into local password store, use the following format.
is an arbitrary name you define, and can be hierarchical (e.g., finance/tdbank, online/gmail.com), in which case the password info will be created in corresponding sub-directories under
If you want to insert password info as multi-lines, use the -m option as follows. Type in password info in any format you like, and press Ctrl+D to finish.
2. View a list of all password names
To view the list of all stored password names, simply type pass:
3. Retrieve password info from password store
To access the content of a particular password listing, simply use the command below:
You will be asked to enter the passphrase to unlock the secret key.
If you want the password to be copied to the clipboard, instead of appearing in the terminal screen, use this command instead:
Once copied to the clipboard, the password will automatically be cleared from the clipboard after 45 seconds.
4. Generate and store a new password in password store
With pass, you can also generate a new random password which you can use for any purpose. pass will use pwgen utility to generate a good random password. You can specify the length of a password, or generate a password with or without symbols.
For example, to generate a 10-character password with no symbol, and store it under email/new_service.com listing:
5. Remove password info
Removing existing password info is easy:
To summarize, pass is extremely flexible, portable, and more importantly, easy to use. I highly recommend pass to anyone looking for a simple means to organize any kind of private info in a secure fashion, without relying on GUI dependency.
Changing Linux User Password in One Command Line
In Linux, we use passwd to change a password, but passwd requires input from stdin to get the new password. It is common to want to change a password non-interactively, for example when creating new user accounts and setting their passwords on a number of Linux boxes, where the user creation itself can be done in one command line. With the help of a pipe and a little trick, we can change a user’s password in one command line. This saves much time, especially when creating a batch of user accounts.
We use one example to show how to change a Linux user’s password in one command line. Suppose we log in as root and want to change user linuxuser's password to linuxpassword.
The passwd command asks for the new password twice, and these two inputs (the same password) are separated by one "Enter". We can emulate this with the echo command with the -e option set. When -e is in effect, escaped characters are interpreted. Hence, \n in echo’s input is echoed as a new line. In addition, on modern Linux with a sufficiently new passwd, you can use the --stdin option to let passwd accept a password from STDIN instead of asking for the new password twice.
So to change the password in our example, we just execute this one command:
on modern Linux. (Thanks to DAVID for this tip)
This can also be put into a bash script or executed on a remote node with the ssh command.
For example, we can change the password of linuxuser on a batch of servers (100 servers: 10.1.0.1 to 10.1.0.100) by:
Even further, we can create one user and set its initial password remotely by:
If you want to update your own password as a normal user, you may use
Security notes
You must be aware that the full command line can be viewed by all users in the Linux system, so a password in the command line can potentially be leaked. Consider using the method here only in cases where this is acceptable.
Alternative method using chpasswd
chpasswd is a nice tool to change a batch of accounts’ passwords in one Linux box. It can be used to change a user’s password in one command line too. Check its manual for how to use it.
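The security note and the chpasswd pointer above can be combined so that the password reaches chpasswd over stdin and never sits in a process's command line. This is an added example, not part of the original article; the function names, the user-name character set and the reuse of the 10 to 20 character guideline from the passwd tutorial are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are this
# example's own; linuxuser is the article's example account.
LC_ALL=C; export LC_ALL     # byte-wise ranges in case patterns, tr and grep

# True if $1 has 10-20 characters with at least one lower-case letter,
# upper-case letter, digit and punctuation character.
meets_guideline() {
    n=${#1}
    [ "$n" -ge 10 ] && [ "$n" -le 20 ] || return 1
    for class in '[a-z]' '[A-Z]' '[0-9]' '[^A-Za-z0-9]'; do
        printf '%s' "$1" | grep -q "$class" || return 1
    done
}

# Print a random password of $1 characters (default 16) from /dev/urandom.
gen_password() {
    len=${1:-16}
    [ "$len" -ge 10 ] && [ "$len" -le 20 ] || { echo "length must be 10-20" >&2; return 2; }
    while :; do
        pw=$(head -c 256 /dev/urandom | tr -dc 'A-Za-z0-9!#%+,.=@_-' | head -c "$len")
        if meets_guideline "$pw"; then printf '%s\n' "$pw"; return 0; fi
    done
}

# Print one chpasswd record "user:password". Names outside a conservative
# character set (an assumption of this example) and empty or multi-line
# passwords are refused, so a crafted value cannot add a second record.
make_record() {
    case $1 in
        ''|-*|*[!a-z0-9_.-]*) echo "refusing user name" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "refusing empty password" >&2; return 1; }
    [ "$(printf '%s' "$2" | wc -l)" -eq 0 ] || { echo "refusing multi-line password" >&2; return 1; }
    printf '%s:%s\n' "$1" "$2"
}

# Set one account's password on a remote host (needs root on the target).
# The remote command line is only "chpasswd"; the record travels over the
# SSH session's stdin. printf is a shell builtin, so no local argv holds it.
set_remote_password() {     # usage: set_remote_password HOST USER PASSWORD
    rec=$(make_record "$2" "$3") || return 1
    printf '%s\n' "$rec" | ssh "root@$1" chpasswd
}

# Demo: print (do not apply) a record for the article's example account.
make_record linuxuser "$(gen_password 16)"
```

Because the password is passed with printf '%s' rather than typed inside double quotes, characters such as ! and $ need no escaping, and the same script behaves identically under sh and bash.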
Eric Ma
Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric’s own and do not necessarily represent those of any third parties.
37 comments
Very useful to automation on several GNU/Linux servers deployment.
Matias Colli
UNIX/Linux SysAdmin
I got a problem,
when I was trying to change the password of aaa,
sudo echo -e "abcd1234\nabcd1234" | passwd aaa
however, error pumps up,
passwd: You may not view or modify password information for aaa
I think there are some security setting with the system, which did not allow me to do so,
how to solve this out.
echo -e "abcd1234\nabcd1234" | sudo passwd aaa
echo -e "abcd1234" | sudo passwd --stdin aaa
Neither solution works for /bin/sh
Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
They work only for /bin/bash
Any solution to /bin/sh?
Thanks in advance
Did it work for you under /bin/bash? That’s interesting.
What’s your exact command and the output?
And which OS are you working on? I believe my OS (Fedora 22) has quite different messages printed out from yours:
$ passwd
Changing password for user zma.
Changing password for zma.
(current) UNIX password:
Showing us `passwd --help` will also be helpful to answer your question.
echo -e "changedpassword\ntestingpassword\ntestingpassword" | passwd
I wrote it as a shell script and executed but password authentication failure.
the same code is executed on a terminal and seems to be working fine
how can i solve the problem
Did you write your shell script on a windows machine then upload it to the linux machine?
What if I have normal user access on each remote server and I want to change all remote servers
password which contains same username. I think it will ask for password if haven’t configure password less auth.
In this case what command helps.
Thanks in advance
Hi Sumit, it is not impossible. You may use the Password-based “password-less” ssh login if your passwords on all these servers are the same or can be programmatically generated to be passed to sshpass.
its giving token manipulation error.
for ((i=1;i
When you update your own password, `passwd` command requires 3 input, one of your current password and twice of your new password. So the command may be:
what if the list of ip addresses of servers’s in a text file.
In general, you have at least two methods to do actions to each item in a line in a text file txt:
Here, there should be no space in each item.
You can replace the `echo $i` with the actions you would like to do (calling passwd in this example).
I tried your provided method on changing password of SUN Solaris but somehow solaris is not taking provided password parameter and post hitting enter asking password.
Unix like Solaris may have a different convention for the `passwd` command. The `--stdin` method seems not supported. I am not sure whether the 2nd method works. Sorry, I did not have a Solaris to test.
When -e is in effect, escaped characters will be interpreted. Instead of “When ‘-e‘ is in effect, ‘n‘ in echo’s input is echoed as “new line”.” Just a minor tweak for clarity. Thank you for the tip. Used it in a script to set up new servers quickly!
Glad to know it helps! Yes, that is clearer with the “escaped characters” as a whole picture of the meaning. Improved the post. Thanks!
I also have a SOLARIS based machine. I want to find a solution to change the password with only one line because I want to change it via Java app. I tried lots of versions of echo but no success.
Please, can someone give a solution to change the password on a SOLARIS based server? It would be much appreciated. PS: i am just a basic user, not the root.
I’ve had a hard time getting this to work, I was getting this:
echo -e "linuxpassword\nlinuxpassword" | passwd linuxuser
Enter new UNIX password: Retype new UNIX password: Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
Turns out that I was on sh instead of bash as it is the default shell for docker build…
I had to tell it to use bash in the dockerfile like so:
RUN ["/bin/bash", "-c", "echo -e 'linuxpassword\nlinuxpassword' | passwd linuxuser"]
You may try the `passwd --stdin` method if the `passwd` in your environment is modern enough to accept `--stdin`.
Thanks for the post. My question is I have to change root password on 100 plus servers with different passwords which should generate using mkpasswd like # mkpasswd -l 8 -d 1 -c 0 -s 1 and generated passwords along with server names should store in a file. How can we achieve this though script. Thanks in advance for your support.
Example : This is for single server. Want it for 100 servers where my servers name is stored in servernames.txt file as
server1
server2
#!/bin/bash
usepasswd=$(mkpasswd -l 8 -d 1 -c 0 -s 1)
echo "$usepasswd" > /root/rpwansiclient.txt
ssh root@server1 "echo $usepasswd|passwd root --stdin"
#
You can extend your script by using a `for` loop. For example,
#!/bin/bash
for svr in `cat servernames.txt`; do
usepasswd=$(mkpasswd -l 8 -d 1 -c 0 -s 1)
echo "$svr $usepasswd" >> /root/rpwansiclient.txt
ssh root@$svr "echo $usepasswd | passwd root --stdin"
done
Thanks a lot Eric for the needful help.
Does this cause security concerns with the username and password contained all on the same command line? I thought all commands were logged somewhere.
If you are running under ‘root’ in bash, the command is logged under
/.bash_history. This file should be only accessible by root by common Linux configurations.
During the execution of the command, there is a very short period of time the other users can see the command. Putting the password in a file and then use a command like `cat passfile | passwd --stdin username` may get rid of this.
If the password is very sensitive, typing manually may be safer.
Can u create password using $ in Linux Env. ?
# echo 'your$pass' | passwd --stdin user1
Changing password for user user1.
passwd: all authentication tokens updated successfully.
Thanks very much for this!
One thing I observed, is a password ending in an “!” messed with the command. for example:
echo -e "Password!\nPassword!" | passwd testuser
bash: !\nPassword!": event not found
I don’t understand this enough to know why, but just wanted to pass it on
`!` is a special character in Bash http://mirror.pkill.info/ldp/LDP/LDP/abs/html/special-chars.html . “from the command line, the ! invokes the Bash history mechanism”.
Try this instead
Eric, thanks, will give that a try
The command intended for this is chpasswd
Looks a nice tool, especially useful for batch account password changing. Thanks for sharing this.
I have One scenario.
password for my user “abc” expired.
I am trying to connect “abc” from “xyz” user via “ssh abc@IPADDRESS”(using passwordless Authentication ) and it asks below
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user abc.
Changing password for abc.
(current) UNIX password
I dont want to make any changes in password policy or chage -l abc.
Is there any way i can connect by using “ssh abc@IPADDRESS” and skip that warning
of changing password.
Regards,
Manish J
im using ubuntu on windows 10.how to create password ?.
its asking for password while using sudo command
to me work with this sentence:
for ((i=1;i
While you are creating a script I recommend using it as below, due to probably encoding(?) differences. For example in my case ‘new line’ – ‘\n’ doesn’t work… Using the console I must type ‘^J’, and this means ‘new line’ in my system.
echo -e "password //(just type enter)
password" | sudo passwd user