On Sat, Feb 21, 2026 at 07:27:54AM +0000, Eric Johnson wrote:
> If you want random passwords, why not just use
> openssl rand -base64 32
> or
> openssl rand -hex 32
>
> What I have done in the past was create passwords with:
> openssl rand -hex 60
> for user accounts that are intended to only be used via ssh with ssh keys.
I'm presuming that the intention of the OP was to make a accounts with an
unknown password, (long and random), for a purpose such as this.
A very good idea would be to read the manual page for passwd(5), (so
'man 5 passwd').
There you will find some very useful advice, specifically that accounts that
are not intended to be logged in to are set up with a single asterisk in the
password field.
No need for random junk random passwords.
> For what it's worth, my servers all permit ssh access only via IPv6. This
> cuts down nearly all attempts to connect.
It does indeed.
Regarding the OP's password generation script, I'll look at it shortly and
highlight any obvious bugs.
No comments:
Post a Comment