Verify password hash in bash script?

Related to Why is the root password on Linux Mint my user password?



It appears that my Mint 17.3 box has a root password set: I see a password hash in /etc/shadow (it starts with $6$...). I'd like to compare this password hash with my (known) user password.



For whatever reason, I don't trust su - (in the linked question) to not use my password, vs. the root password.



Is there a simple way (in bash, e.g.) to compare a known hash with a known password and see if they match?



















asked Nov 29 '17 at 10:23









Roger Lipscombe












  • Once I'd figured out that $6$ means it's a SHA-512 hash, I found the answer here: unix.stackexchange.com/q/52108/46851
    – Roger Lipscombe
    Nov 29 '17 at 10:35










  • If you don't trust su to use the root password (which it should), then I must assume your machine is compromised in some way. Is that correct?
    – Kusalananda
    Nov 29 '17 at 11:13










  • No. I'm not worried about compromise. I don't trust myself to not get confused between su and sudo. By taking them out of the equation, I can verify only the hash in /etc/shadow, without anything else in the way.
    – Roger Lipscombe
    Nov 29 '17 at 11:18










  • For example: it's possible that there's a configuration setting that causes su to allow me to use my user password in the same way as sudo does. Is there? Probably not. But I don't know for sure.
    – Roger Lipscombe
    Nov 29 '17 at 11:19










  • No. I'm not planning on reimplementing su; that would be stupid. After the "Apple re-enables your root account without a password" thing today, I went looking to see if I had a root password. To my surprise, I did. I found the other question ("Why is the root password on Linux Mint...?"). I was looking for a good way to simply (i.e. no su, no sudo, no ssh) see what password the root account had. So: verify the hash.
    – Roger Lipscombe
    Nov 29 '17 at 17:42
















      3 Answers



      accepted






Find the salt used in /etc/shadow; it's the characters between the second and third $. Usually there will be eight.

Use mkpasswd -m sha-512 -S <salt>, and enter the password you think it's supposed to be when it asks. It will output the hash with $6$<salt>$ prefixed.














      edited Nov 30 '17 at 8:25

























      answered Nov 29 '17 at 12:27









      Henrik








      • It's -m sha-512 (with the hyphen) on Mint 17.3; use mkpasswd -m help for the list.
        – Roger Lipscombe
        Nov 29 '17 at 15:51










      • That hyphen is also in the method name on my Debian, and probably in general, so it was a typo, that I've fixed now.
        – Henrik
        Nov 30 '17 at 9:49










      • I'll have to agree with the man page statement that claims it's overfeatured. It's a shame one can't just pass the salt in its already encoded form (like $6$round=x$salt$ here) directly instead of having to pass the algorithm, salt and round as separate options for mkpasswd to reconstruct the $6$round=x$salt$ salt passed to crypt(3).
        – Stéphane Chazelas
        Nov 30 '17 at 9:54













In the end, you need to call the crypt(3) function from the libcrypt (which on GNU systems like Linux Mint comes with the GNU libc) with the password as first argument and the hash ($6$...) as second argument.

python is one such tool that exposes that function, so you can do:

HASH='$6$...' python2 -c 'import crypt, os, getpass
print(crypt.crypt(getpass.getpass(), os.environ["HASH"]))'

And if the output matches the hash, that was the right password.

$HASH above can be either the full hash (like $6$rounds=1234$somesalt$6eFBNhSgwEwdfZBHueBedpcqaVKGcV2DJy/tQMFd3JL88hwvgTkISJShnOUrbtP1fRs8I9rGIdsgWCoiujxD2/) or just the part of it up to the rightmost $, that is including the salt and optional round count ($6$rounds=1234$somesalt$).

Or you can do the verification in python:

HASH='$6$...' python2 -c '
import crypt, os, getpass
hash = os.environ["HASH"]
# crypt() re-hashes the typed password with the salt and rounds taken from $HASH
if crypt.crypt(getpass.getpass(), hash) == hash:
    print "OK"
else:
    print "Wrong password"'

(then obviously, $HASH has to contain the full hash).

With python, you can also call functions from arbitrary libraries using the ctypes module. So another way to call the system's crypt() function (not that you'd need to as crypt is one of the standard modules, it's just that I was earlier under the impression that the crypt module came with its own separate crypt() implementation) is with something like:

HASH='$6$...' python2 -c '
from ctypes import *
import os, getpass
l = CDLL("libcrypt.so.1")
# crypt() returns a char *; declare it so ctypes does not truncate it to an int
l.crypt.restype = c_char_p
print l.crypt(getpass.getpass(), os.environ["HASH"])'














          edited Nov 30 '17 at 10:23

























          answered Nov 29 '17 at 14:52









          Stéphane Chazelas
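
The same comparison without the crypt module (removed from Python's standard library in 3.13), as an added example that is not part of the original answers: it parses a `$6$` field into rounds and salt, recomputes SHA-512-crypt with hashlib, and reports locked or empty fields instead of hashing them. The function names and the sample shadow line are constructed for illustration.

```python
# Added example (not from the original answers): pure-hashlib check of a
# shadow(5) password field that uses the $6$ (SHA-512-crypt) scheme.
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_sha512_field(field):
    """Split '$6$[rounds=N$]salt[$hash]' into (rounds, explicit, salt, digest)."""
    parts = field.split("$")
    if len(parts) < 3 or parts[0] != "" or parts[1] != "6":
        raise ValueError("not a $6$ (SHA-512-crypt) field")
    rest = parts[2:]
    rounds, explicit = 5000, False            # 5000 is the scheme's default
    if rest[0].startswith("rounds="):
        rounds = min(max(int(rest[0][7:]), 1000), 999999999)
        explicit, rest = True, rest[1:]
    salt = rest[0][:16] if rest else ""       # at most 16 salt characters are used
    digest = rest[1] if len(rest) > 1 else ""
    return rounds, explicit, salt, digest


def _stretch(digest, length):
    """Repeat a 64-byte digest to exactly `length` bytes."""
    return digest * (length // 64) + digest[: length % 64]


def sha512_crypt(password, setting):
    """Hash `password` with the salt/rounds found in `setting`.

    `setting` may be a full hash or only its '$6$[rounds=N$]salt$' prefix.
    """
    rounds, explicit, salt_s, _ = parse_sha512_field(setting)
    pw, salt = password.encode("utf-8"), salt_s.encode("ascii")
    b = hashlib.sha512(pw + salt + pw).digest()
    a = hashlib.sha512(pw + salt + _stretch(b, len(pw)))
    n = len(pw)
    while n:                                  # one update per bit of len(pw)
        a.update(b if n & 1 else pw)
        n >>= 1
    a = a.digest()
    p = _stretch(hashlib.sha512(pw * len(pw)).digest(), len(pw))
    s = hashlib.sha512(salt * (16 + a[0])).digest()[: len(salt)]
    c = a
    for r in range(rounds):                   # the deliberately slow part
        h = hashlib.sha512(p if r & 1 else c)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(p)
        h.update(c if r & 1 else p)
        c = h.digest()
    out, (i, j, k) = [], (0, 21, 42)          # the scheme's byte permutation
    for _ in range(21):
        w = (c[i] << 16) | (c[j] << 8) | c[k]
        out += [B64[(w >> shift) & 63] for shift in (0, 6, 12, 18)]
        i, j, k = j + 1, k + 1, i + 1
    out += [B64[c[63] & 63], B64[c[63] >> 6]]
    prefix = "$6$" + ("rounds=%d$" % rounds if explicit else "")
    return prefix + salt_s + "$" + "".join(out)


def check_shadow_field(password, field):
    """Return 'match', 'mismatch', 'locked', 'no-password' or 'unsupported'."""
    if field == "":
        return "no-password"                  # empty field: no password required
    if field[0] in "!*":
        return "locked"                       # password login disabled
    if not field.startswith("$6$"):
        return "unsupported"                  # some other crypt(3) scheme
    candidate = sha512_crypt(password, field)
    same = hmac.compare_digest(candidate.encode(), field.encode())
    return "match" if same else "mismatch"


def check_shadow_line(password, line):
    """Check `password` against the second colon-separated field of a shadow line."""
    return check_shadow_field(password, line.rstrip("\n").split(":")[1])


if __name__ == "__main__":
    # Constructed sample: a shadow line built here from a made-up password.
    field = sha512_crypt("correct horse", "$6$rounds=1234$somesalt$")
    line = "root:" + field + ":17499:0:99999:7:::"
    print(check_shadow_line("correct horse", line))        # right password
    print(check_shadow_line("wrong guess", line))          # wrong password
    print(check_shadow_line("correct horse", "root:!" + field + ":17499::::::"))
```

On a real system the field would come from `/etc/shadow` (readable only by root) and the password from `getpass.getpass()`, so it never appears on the command line.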

ssh root@localhost comes to mind, though your distribution may have disabled password-based login for root entirely and/or installed a keypair; or logging in on your usual graphical login screen as user root. (Even if you have automatic login enabled, the shutdown dialog may offer to log in as another user.)

















                  answered Nov 29 '17 at 10:28









                  Ulrich Schwarz
