passwords

Easy command line password generation

A quickie, but it's quite handy for me.

Often I want a new password for something. I use 1password to store passwords (and I hope you're using a similar tool), and it's great, but it doesn't have much of a command line tool. Sometimes I just want a quick password, and the terminal is sure handy otherwise, so it'd be nice to have this, too.

Note: There is a 1password command line tool, it just doesn't serve this purpose well.

Option 1: OpenSSL

OpenSSH is a handy tool and it can output some great random strings, almost as if it was made for this purpose (hint: it essentially is for this purpose):

openssl rand -base64 12

This will give you a nice, 12 character string, looking something like:

BMN/fyc/l2hJ0T90

You can also fiddle with the encoding to get different types of strings (-hex instead of -base64, for instance).

Option 2: md5

One of the reasons I like having a Mac is that there should be easy ways to do things whenever possible. OpenSSL is awesome, and probably better in most technical ways, but if I want something just quick, easy, and reasonable, I take a shorter path to get there:

date | md5

Really, anything can go into the md5 function, but using date as a seed changes every second and produces decent results without needing to think of much, like:

a622971557507cd17b0e07fcb7d84e41

Now, MD5 is a bad way to store passwords, but being used to generate passwords is still fairly useful.

 

Are these great for everything? Not really, but for a quick random string for general use, I've found it quite handy.

 

Reset lost admin password for Raspberry Pi

Raspberry Pis are great, but sometimes their ability to keep running in the background can lead to forgotten root passwords. I've had more than one time where I was sure I knew the root password, only to learn that I had forgotten.

Luckily, Raspberry Pi has a "feature" that most Linux machines don't: very easily removable primary storage. 

To reset your password:

  • Power down and pull the SD card out from your Pi and put it into your computer.
  • Open the file 'cmdline.txt' and add 'init=/bin/sh' to the end. This will cause the machine to boot to single user mode.
  • Put the SD card back in the Pi and boot.
  • When the prompt comes up, type 'su' to log in as root (no password needed).
  • Type "passwd pi" and then follow the prompts to enter a new password.
  • Shut the machine down, then pull the card again and put the cmdline.txt file back the way it was by removing the 'init=/bin/sh' bit.

The cmdline.txt should look something like this:

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait init=/bin/sh

It's worth noting that with this process being as easy as it is, to consider than a malicious person with physical access to your Raspberry Pi could do this as easily as you can.

 

Root account prompting for password:

If the root account is prompting for a password (not common) you can, back on your computer, open the /etc/shadow file and replace the root password in there with an asterisk. This will change the password to be blank.

 

Error when changing the password:

Note: Sometimes the password won't be able to be changed because the Pi will boot in a read-only mode. You'll get an error that you can't change the password. To fix this, remount the drive in read-write mode:

mount -o remount,rw /

 

Dashing widgets for Active Directory

A list of about to expire passwords.

A list of about to expire passwords.

Here's a set of Dashing widgets that give us some visibility to users with expiring passwords. This should run as a scheduled job on a domain controller. It queries through PowerShell the users and their password expirations.

The three widgets created are:

expiring_users

A list of expiring users, defaulting to all users within the next 14 days

expired_users

All expired users

locked_users

All users who have locked out their accounts

For expiring_users and expired_users, the widget doesn't need to update very often, but if you want to use locked_users, you may want to have the scheduled job run more frequently so you can respond more quickly when a user locks themselves out.

Additionally, a fourth widget is made that is essentially a set of all three of those in one:

Looks like Brian reset his password in time, but not Patrick.

Looks like Brian reset his password in time, but not Patrick.

active_directory_users

This one then will turn to a yellow/warning status if there's an expired user, and red/critical if there is a locked out user.

 

Below is the PowerShell script. Then just add the list widget to your Dashing dashboard as desired.