Creating a Secure Password for Your Linux Server

Sysadmins often have to set up new servers or harden existing ones during security audits, which means choosing secure passwords for SFTP accounts, admin panels, and the like.

Many practices go into making a server secure, but using strong passwords is one that is often neglected.

Note that I have not included the SSH or MySQL root password above. If you are serious about security, these should not be accessed via remote password login.

For SSH, you should already be using key-based authentication, with PasswordAuthentication no set in your sshd config file.
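The following is an added example, not code from the original article: a small POSIX shell audit of an sshd_config file for the settings the paragraph above asks for. The two sample configs are constructed here for illustration; the fallback values used when a keyword is absent (PasswordAuthentication yes, KbdInteractiveAuthentication yes, PermitRootLogin prohibit-password) are OpenSSH's documented defaults. The important detail it encodes is that sshd uses the first value it finds for a keyword, so a "PasswordAuthentication no" appended below an earlier "yes" changes nothing.

```shell
#!/bin/sh
# Added example (not part of the original article): audit an sshd_config for
# the password-login settings described above. sshd honours the FIRST value it
# finds for a keyword, so a "PasswordAuthentication no" appended at the end is
# ignored if an earlier line says "yes". Anything after the first Match line is
# per-connection, not global, so the scan stops there. Sample configs are
# constructed here for illustration.

# Print the effective global value of keyword $1 in config file $2, falling
# back to the compiled-in default $3 when the keyword is not set.
effective_sshd_value() {
    v=$(awk -v key="$1" '
        /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
        { gsub(/=/, " "); $0 = $0 }                    # accept "Keyword = value"
        tolower($1) == "match" { exit }                # global scope ends here
        tolower($1) == tolower(key) { print $2; exit } # first hit wins
    ' "$2")
    printf '%s\n' "${v:-$3}"
}

# Return 0 when the file disables every remote password path: plain password
# auth, PAM keyboard-interactive prompts, and root login with a password.
sshd_password_login_disabled() {
    f=$1
    [ "$(effective_sshd_value PasswordAuthentication "$f" yes)" = "no" ] || return 1
    # KbdInteractiveAuthentication (ChallengeResponseAuthentication on older
    # releases) lets PAM ask for a password even when PasswordAuthentication is no.
    kbd=$(effective_sshd_value KbdInteractiveAuthentication "$f" "")
    [ -n "$kbd" ] || kbd=$(effective_sshd_value ChallengeResponseAuthentication "$f" yes)
    [ "$kbd" = "no" ] || return 1
    case "$(effective_sshd_value PermitRootLogin "$f" prohibit-password)" in
        no|prohibit-password|without-password) return 0 ;;
        *) return 1 ;;
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: a hardening script appended the right line, but the
# earlier "yes" is the one sshd actually uses.
cat > "$tmp/weak.conf" <<'EOF'
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF

# Constructed sample 2: key-only login; the Match block at the end is per-user
# and must not be mistaken for a global setting.
cat > "$tmp/hardened.conf" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication = no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
Match User deploy
    AllowTcpForwarding no
EOF

for f in weak.conf hardened.conf; do
    if sshd_password_login_disabled "$tmp/$f"; then
        echo "$f: remote password login disabled"
    else
        echo "$f: remote password login still POSSIBLE"
    fi
done
```

This reads a single file and does not follow Include directives (recent distros pull in /etc/ssh/sshd_config.d/*.conf), so on a live host the authoritative check is still sshd -T run as root, which prints the fully resolved configuration. The script is for reviewing a config offline, for example in a repository of host configs.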

For MySQL, use skip-networking (no TCP listener at all, only the Unix socket) or bind-address = 127.0.0.1 (TCP on loopback only), and/or iptables to block port 3306 or restrict it to specific IP(s). If the application is on the same server as MySQL, connect via the socket.

Create a secure password

For choosing a secure password, here's what's recommended:

  • At least 16 characters in length (up from 10 in the 2013 version of this article).
  • A mix of upper- and lower-case letters, numbers, and special characters.

Using pwgen to generate secure passwords

Here’s my go-to command-line method for secure password generation. The command I use is:

pwgen -y 32

The -s option gives a more secure result (fully random rather than pronounceable), and the combination is easy to remember because it spells the word 'sync':

pwgen -sync 16

See the pwgen man page for the full option list. On most Linux distros you can install pwgen with the system package manager, for example:

apt install pwgen

or

dnf install pwgen

Once installed, here's what the options in the command above do. You can customize it to meet your needs.

-s, --secure: Generate completely random, hard-to-memorize passwords. Without it, pwgen produces pronounceable passwords that are easier to remember but drawn from a smaller space.

-y, --symbols: Include at least one special character in the password.

-n, --numerals: Include at least one number in the password (on by default).

-c, --capitalize: Include at least one capital letter in the password (on by default).

16: The length of the generated password.

Need fewer passwords? Use pwgen -sync 16 1, where the trailing 1 is the number of passwords to print; when writing to a terminal, pwgen otherwise prints a whole screenful to choose from.

Using Pass to Create a Secure Password

With pass, each password lives inside a gpg-encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files can be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command-line file management utilities. Its generate subcommand creates a new random password of a chosen length and stores it straight into the encrypted store, so pass is both a generator and a command-line password manager.


This is an updated version of an article from 2013. Here is the method from the original article…

Using /dev/urandom to generate a secure password

Recommended: any printable ASCII character (94 possibilities per position):

< /dev/urandom tr -dc '[:graph:]' | head -c16;echo;

Right-hand-only characters, for typing with one hand (note the dash goes last: in the original position, tr read "+-=" as a character range rather than three literal symbols):

< /dev/urandom tr -dc '67890^*_+=;:,.?yuiopYUIOPhjklHJKLbnmBNM-' | head -c16;echo;

Left-hand-only characters:

< /dev/urandom tr -dc '12345!@#$%qwertQWERTasdfgASDFGzxcvbZXCVB' | head -c16;echo;
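An added example, not code from the original article, that turns the one-liners above into a small POSIX shell generator. It pins down two things the one-liners leave to chance: the locale is forced to C so tr(1) works on raw bytes (some tr implementations reject invalid UTF-8 coming out of /dev/urandom), and the draw is repeated until the result contains a lowercase letter, an uppercase letter, a digit and a symbol, which is the rule set recommended earlier on this page. The function names and the 100-try limit are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the original article): a /dev/urandom password
# generator built on the one-liners above, with the locale pinned to C and the
# page's character-class rule enforced by redrawing.

# Draw $1 characters (default 16) uniformly from the tr(1) set $2
# (default [:graph:], the 94 printable ASCII characters).
gen_password() {
    len=${1:-16}
    charset=${2:-[:graph:]}
    LC_ALL=C tr -dc "$charset" < /dev/urandom | head -c "$len"
}

# True when $1 holds at least one character of each class the policy asks for:
# lowercase, uppercase, digit and symbol.
has_all_classes() {
    for class in lower upper digit punct; do
        printf '%s' "$1" | LC_ALL=C grep -q "[[:$class:]]" || return 1
    done
    return 0
}

# Generate and redraw until the policy holds; give up after 100 tries so a
# set that can never satisfy it (e.g. digits only) fails instead of looping.
secure_password() {
    tries=0
    while [ "$tries" -lt 100 ]; do
        pw=$(gen_password "$1" "$2")
        if has_all_classes "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
        tries=$((tries + 1))
    done
    echo "secure_password: character set cannot satisfy the policy" >&2
    return 1
}

# Default: 16 characters from all printable ASCII.
secure_password
# The right-hand-only set from above (dash last so tr does not see a range).
secure_password 16 '67890^*_+=;:,.?yuiopYUIOPhjklHJKLbnmBNM-'
```

To use it as the spw shortcut described in the next section, source this file from ~/.bashrc and define spw as a one-line wrapper that calls secure_password. Redrawing on failure keeps every character uniformly random; forcing a class in by substitution would not.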

Making it into an Easy to Remember Command

Edit your ~/.bashrc:

vi ~/.bashrc

Add a function of this form:

spw(){ insert one of the above options here }

Example:

spw(){ < /dev/urandom tr -dc '[:graph:]' | head -c16;echo; }

Save the file, then reload it in your current shell (no server restart needed):

source ~/.bashrc

From now on, just type the following to get a new secure password:

spw


With 16 characters drawn uniformly from the 94 printable ASCII characters, a password has roughly 105 bits of entropy; even at a trillion guesses per second, exhausting that space would take on the order of a trillion years. That is why a strong password is essential.
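To put numbers on that claim for the recipes on this page, here is an added example (not part of the original article) in POSIX shell. It assumes every character is drawn uniformly and independently, which holds for the tr/urandom pipeline and for pwgen -s. The guess rate of 1e12 per second is an assumption, not a measurement: it is in the range of an offline GPU attack on a fast unsalted hash, while an online attack against sshd is many orders of magnitude slower.

```shell
#!/bin/sh
# Added example (not part of the original article): entropy and brute-force
# time for the character sets used on this page. Uniform random selection
# and the 1e12 guesses/second rate are assumptions.

# Count the distinct characters in a literal tr(1) set (no ranges or classes).
alphabet_size() {
    printf '%s' "$1" | fold -w 1 | LC_ALL=C sort -u | grep -c .
}

# Entropy in bits of a password of length $2 over an alphabet of size $1:
# len * log2(n).
entropy_bits() {
    LC_ALL=C awk -v n="$1" -v len="$2" 'BEGIN { printf "%.1f", len * log(n) / log(2) }'
}

# Expected years to find the password (half the keyspace on average) when
# $2 guesses are tried per second.
crack_years() {
    LC_ALL=C awk -v bits="$1" -v rate="$2" \
        'BEGIN { printf "%.3g", 2 ^ (bits - 1) / rate / (365.25 * 24 * 3600) }'
}

RATE=1e12   # assumed offline guess rate, see above

report() {   # $1 = label, $2 = alphabet size, $3 = length
    bits=$(entropy_bits "$2" "$3")
    printf '%-30s %2s chars of %2s: %6s bits, ~%s years at %s/s\n' \
        "$1" "$3" "$2" "$bits" "$(crack_years "$bits" "$RATE")" "$RATE"
}

# The two one-handed sets from the urandom section (dash last, as corrected).
RIGHT='67890^*_+=;:,.?yuiopYUIOPhjklHJKLbnmBNM-'
LEFT='12345!@#$%qwertQWERTasdfgASDFGzxcvbZXCVB'

report "[:graph:] (94 printable)"      94 16
report "[:graph:], old 10-char rule"   94 10
report "right-hand-only set" "$(alphabet_size "$RIGHT")" 16
report "left-hand-only set"  "$(alphabet_size "$LEFT")"  16
```

The contrast between the 10- and 16-character rows is the reason for the length change in this article: at the assumed rate, 10 printable characters fall in under a year, 16 in hundreds of billions. The one-handed sets have only 40 symbols each, so 16 characters from them give about 85 bits; still far beyond an online attack, but a class below the full printable set.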


Other Linux methods use OpenSSL, dd, and date to generate passwords, but urandom and pwgen are my preferred methods. Feel free to add your own in the comments.

Also, remember that you need protection in place against online brute-force attempts on whatever still accepts a password. For example, after 5 unsuccessful attempts the IP should be blocked and reported (for example, abuse,

More about how I set it up in a later article.

Published: 23 November 2013
Last Updated: July 27, 2021
