# Password Management

For generating password hashes, see [[password.hashes]].

Password management is a critical role for any sysadmin. These four functions can help you with password management. They will work in both ksh and bash on OpenBSD or Linux.

**NOTE:** jot isn't installed by default in Debian Linux. Run this to install it:

    apt install athena-jot

**NOTE:** this is an older version of jot than the one used in OpenBSD. It doesn't work as expected when combining -r -c to -rc, so the code below was modified to be compatible with both.

----

Append these lines at the end of ~/.profile:

    # Generates a new random password 80 chars in length
    function newpass {
      jot -r -c -s _ 80 33 127
    }

    # Generates a new alphanumeric password 80 chars in length
    # (pass a different length as the first argument)
    function alnumpass {
      cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-80} | head -n 1
    }

    # Pages through all your passwords
    function getpass {
      openssl aes-256-cbc -d -a -in "$HOME/password.asc" | less
    }

    # Writes all your passwords to ~/password
    function allpass {
      openssl aes-256-cbc -d -a -in "$HOME/password.asc" -out "$HOME/password"
    }

    # Takes your passwords in ~/password, encrypts them, then overwrites password.asc
    function savepass {
      # rm -P (overwrite before delete) is a BSD option; GNU rm rejects it,
      # so fall back to a plain rm on Linux.
      openssl aes-256-cbc -a -in "$HOME/password" -out "$HOME/password.asc" &&
        { rm -P "$HOME/password" 2>/dev/null || rm "$HOME/password"; }
      # Keep a dated copy of the encrypted file
      cp "$HOME/password.asc" "$HOME/password.asc.$(date "+%Y%m%d")"
    }

To use the functions, first source the file:

    $ . ~/.profile

Type this to view the defined functions:

    $ functions

Type the function in the command line:

    $ newpass

## Usage

_newpass_ and _alnumpass_ generate passwords and print them to the screen. The specifics are left to the reader to decode from the commands. **Hint:** they generate 80 character passwords. Adjust according to your needs.

The remaining functions manage encrypting, decrypting, and displaying a password file using openssl. To use them, first create a file called password in your home directory.

    $ vi ~/password

Put what you want in this file. There is no set format.

Once you're finished editing it, run this to encrypt it.

    $ savepass
    enter aes-256-cbc encryption password:

Enter the password you wish to encrypt the file with at the prompt. It will encrypt the file to ~/password.asc and create a dated backup file ~/password.asc.YYYYMMDD. It also deletes ~/password.

To view the contents of your password file, type this:

    $ getpass

This decrypts the ~/password.asc file and pipes the output to less for viewing on the screen. It isn't obvious, but you are being prompted for the password to decrypt the file. Your input won't be shown on the screen. If you get it right, you'll see the contents of the file; if you get it wrong, you'll see encoded gibberish. It doesn't create a decrypted version of the password file either way. Hit q and enter to quit.

To edit the password file, type the following:

    $ allpass

This decrypts the file to ~/password so you can edit its contents. Remember to _savepass_ again when finished to encrypt the updated file and remove the decrypted version.
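
The savepass function above removes ~/password as soon as openssl exits successfully. As an added example (not part of the original page), this variant decrypts the freshly written file and compares it with the plaintext before anything is replaced or deleted; the names `savepass_checked` and `PASS_SRC` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. savepass_checked and PASS_SRC
# are hypothetical names. PASS_SRC, if set, is handed to openssl as -pass
# (e.g. "env:PW") for unattended use; if unset, openssl prompts as usual.
# The cipher options match the page's functions, so getpass and allpass
# can still read the result.
savepass_checked() {
  plain=${1:-$HOME/password}
  enc=${2:-$HOME/password.asc}
  new="$enc.new.$$"

  # An empty plaintext would compare equal to a failed (empty) decrypt.
  [ -s "$plain" ] || { echo "savepass: $plain missing or empty" >&2; return 1; }

  # Encrypt to a temporary file (mode 0600) so that a failure never
  # clobbers the existing encrypted copy.
  ( umask 077
    openssl aes-256-cbc -a -in "$plain" -out "$new" \
      ${PASS_SRC:+-pass "$PASS_SRC"} ) || { rm -f "$new"; return 1; }

  # Round trip: decrypt the new file and compare it byte for byte with
  # the plaintext. When prompting, this also confirms the passphrase
  # can be typed again.
  if ! openssl aes-256-cbc -d -a -in "$new" ${PASS_SRC:+-pass "$PASS_SRC"} |
       cmp -s - "$plain"; then
    echo "savepass: verification failed, $plain kept" >&2
    rm -f "$new"
    return 1
  fi

  # Only now replace the old copy, take the dated backup, and remove the
  # plaintext (rm -P where supported, plain rm otherwise).
  mv "$new" "$enc" &&
    cp -p "$enc" "$enc.$(date +%Y%m%d)" &&
    { rm -P "$plain" 2>/dev/null || rm -f "$plain"; }
}
```
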