What's new

Solved How to encrypt Password in merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Henry

Occasional Visitor
Hi All,
Could someone have the experience to encrypt the password to save into shadow file?
I want auto-generating VPN client's username/password. for example, I want to generate users account range "Test-001, Test-002 ... Test-010" then also generate 10 random passwords for each user. My question is if I make the username and password by script auto-generated, my script should encrypt all passwords and save into //etc//shadow files for OpenVPN service login use.
Does anyone know the way to encrypt passwords for OpenVPN format similar below string text:

Test-002:$1$9GVmKHUI$3hl7E3WvaK3E.5YJo60VR0:0:0:99999:7:0:0:
Test-001:$1$9GVmKHUI$41OhAmAYa9HKWgD0qTwBe1:0:0:99999:7:0:0:
 
I don't want to hijack this thread, but I've been looking for a way to decrypt passwords stored in nvram, I know they are not encrypted using Crypt, I'm pretty sure passwords in nvram can be decrypted, not like passwords in //etc//shadow are nearly impossible to decrypt.

Do you have anything to share about how it works? @RMerlin

edit: now I know why there are double slashes in there // :confused:
 
@Yota right, the shadow file is made by the system and according to the following document
https://www.oreilly.com/library/view/practical-unix-and/0596003234/ch04s03.html

As the name implies, a shadow password file is a secondary password file that shadows the primary password file. On Solaris and Linux systems, the shadow password is usually stored in the file //etc//shadow and contains the encrypted password and a password expiration date. The //etc//shadow file is protected so that it can be read only by the superuser. Thus, an attacker cannot obtain a copy to use in verifying guesses of passwords.

The shadow file is read only.

So, my purpose is to generate VPN username and password automatically by script, not by manual.
Seems I make the whole thing too complicated. The easy way is below:
1. auto-create username and password like <Test-001>Test-001
2. Attach <Test-001>Test-001 end of vpn_serverx_clientlist. (nvram set vpn_serverx_clientlist=<Test-001>Test-001)
3. nvram commit
4. reboot
5. Then the Username <Test-001> and password Test-001 were auto-generated in //etc//password and //etc//shadow
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top