- SSH server配置问题
- 通过远程或者VNC的方式键入密码传递到系统内时候发生了变动- 记错密码
- User login name
- salt and hashed password OR a status exception value e.g.:
- "$id$salt$hashed", the printable form of a password hash as produced by crypt (C), where "$id" is the algorithm used. (On GNU/Linux, "$1$" stands for MD5, "$2a$" is Blowfish, "$2y$" is Blowfish (correct handling of 8-bit chars), "$5$" is SHA-256 and "$6$" is SHA-512, other Unix may have different values, like NetBSD. Key stretching is used to increase password cracking difficulty, using by default 1000 rounds of modified MD5, 64 rounds of Blowfish, 5000 rounds of SHA-256 or SHA-512. The number of rounds may be varied for Blowfish, or for SHA-256 and SHA-512 by using e.g. "$6$rounds=50000$".
- Empty string – No password, the account has no password (reported by passwd on Solaris with "NP").
- "!" – the account is password locked, user will be unable to log in via password authentication but other methods (e.g. ssh key) may be still allowed.
- "*LK*" or "*" – the account is locked, user will be unable to log in via password authentication but other methods (e.g. ssh key) may be still allowed.
- "!!" – the password has never been set (RedHat)
- Days since epoch of last password change
- Days until change allowed
- Days before change required
- Days warning for expiration
- Days before account inactive
- Days since epoch when account expires
ID | Method───────────────────────────────────────────────────────── 1 | MD5 2a | Blowfish (not in mainline glibc; added in some Linux distributions) 5 | SHA-256 (since glibc 2.7) 6 | SHA-512 (since glibc 2.7)
RHEL 6 and newer - python • Execute the following one-liner: $ python -c 'import crypt,getpass; print crypt.crypt(getpass.getpass())' Password: $6$Q3dbIWgPMCVBpRZK$QSw1cG41FImM0E8B.Hpx1G8eZGqHALzGg75LLAt.MkFZtVma3MHRGBpFSrXEEdVHwySr8B0JfXAgLHgmpSViI0In short, the above will prompt for input and then interface with python's implementation of the standard crypt() function, generating a shadow-compatible hash by choosing a random salt and the strongest hash method available (SHA-512) • For documentation, do as the following demonstrates $ python Python 2.6.6 (r266:84292, May 1 2012, 13:52:17) [GCC 4.4.6 20110731 (Red Hat 4.4.6-3)] on linux2 Type "help", "copyright", "credits" or "license" for more information.import crypt help(crypt)RHEL 5 and newer - perl • Execute the following one-liner: $ perl -le 'print "Password:";
stty -echo; chomp($passphrase=);
stty echo; @chars = ("a".."z", "A".."Z", 0..9, ".", "/"); $salt .= $chars[rand @chars] for 1..16; print crypt($passphrase, "$6$$salt");' Password: $6$RDGTu1VHQPH2NLpw$no4LMowmxaJogzYoIUdsfi7pfTz2EtzN//oRmEe12AEWc2h6NPoQwrWA4KYe4W0OSAUaBLOG8K59kzENV2bvY0 • Notes on the above perl code: ○ This code was tested by the author on RHEL 5 - RHEL 7; however, it is offered without any guarantees or warranty (to use it, ensure the quotation marks and backslashes are kept intact) ○ This code generates a SHA512-hashed password string; to use SHA256 instead, change the maroon-colored $6 to a $5