How can I create an encrypted password for useradd using python crypt or bcrypt?

Question

I'm trying to create a hashed password for debian/ubuntu useradd. I use python to create the hash and use bash to create the user with the hashed password. I think I'm doing something wrong because when I try to login with the user's password it doesn't work. I think it wants me to put in the actual hash.

In python, I created the encrypted hash password like this. It's in a python class but I shortened it so you could get the picture.

import crypt
import random

def salt(self):
    saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    return random.choice(saltchars) + random.choice(saltchars)

def custom_user(self):
    user = self.textEditUser.text()
    password = self.textEditPassword.text()
    hashed_pw = crypt.crypt(str(password), "$6$"+self.salt()) # say password is "password"
    print hashed_pw #returns $6$5l$lrm4UvmiYZcducdBFs8NortA.zeWuXrnmoVEYtLxmmDIGLN.9gjs.X6Z/fR6wDkh06lnDN8LTjzwrImSCR72T/

I use a separate bash script to create the user like this:

#!/bin/bash

PASSWORD='$6$5l$lrm4UvmiYZcducdBFs8NortA.zeWuXrnmoVEYtLxmmDIGLN.9gjs.X6Z/fR6wDkh06lnDN8LTjzwrImSCR72T/'
USERNAME="Jon"

if id -u $USERNAME >/dev/null 2>&1; then
    userdel -r -f $USERNAME
    useradd -m -p $PASSWORD -s /bin/bash $USERNAME
    usermod -a -G sudo $USERNAME
    echo $USERNAME:$PASSWORD | chpasswd

else
    useradd -m -p $PASSWORD -s /bin/bash $USERNAME
    usermod -a -G sudo $USERNAME
    echo $USERNAME:$PASSWORD | chpasswd
fi

How can I get I use my password instead of the hash to login later?

A quick trip to the manpage of chpasswd reveals it expects unencrypted passwords. There is an option to make it work otherwise, but you would have to make sure your password is encrypted in a way that makes it compatible with chpasswd. Using an unencrypted password is probably the way to go, unless you have already encrypted passwords you need to use. — Fred, Feb 25 '17 at 23:47
I do want it encrypted as I do no want the plain password in the bash file since I'll have a python function updating the password in the bash file. I just read a little bit of the chpasswd man page it states that I can use the `-e` option to specify that it's an encrypted password but I just don't know how it will be able to decode it. As you can tell I'm quite new to this. — answerSeeker, Feb 25 '17 at 23:57
If the password is kept in memory only (as it should), there is no problem with leaving it unencrypted. Provide the password as an argument to your Bash script when launching it from Python, and your problem is probably solved. — Fred, Feb 26 '17 at 00:02

score -1 · Answer 1 · answered Oct 11 '19 at 07:33

-1

python -c "import crypt; print crypt.crypt(\"foo\", \"\$6\$$(</dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32)\$\")"

answered Oct 11 '19 at 07:33

Madu Alikor

2,544
4
21
36

1

Can you explain how this code works in relation to the question being asked? – denis_lor Oct 11 '19 at 09:05

How can I create an encrypted password for useradd using python crypt or bcrypt?

1 Answers1