Generating a password manually with openssl passwd

Introduction: On a Linux system, when a password has to be generated manually, openssl passwd can be used to produce one for a user account. In Linux, passwords are stored in the /etc/shadow file in encrypted (hashed) form. The length of the encrypted password varies depending on the encryption mode.

Options:

  • -crypt: uses the standard UNIX encryption algorithm, which is the default algorithm. If a salt is supplied (-salt), only its first two characters are used and every character after the second is ignored.
  • -1 (the digit one): uses the MD5-based algorithm.
  • -apr1 (ending in the digit one): uses the alternative MD5 algorithm used in Apache. This parameter cannot be combined with the "-1" option because apr1 is already MD5-based. The htpasswd tool generates its authentication passwords with this method.
  • -salt: adds a salt during encryption to increase the complexity of the algorithm. It has a side effect: if the salt and the password are both the same, the resulting hash is also the same.
  • -in file: reads the list of passwords to be hashed from a file.
  • -stdin: reads the passwords from standard input.
  • -quiet: displays no information while the password is generated.

Example:

The example uses /etc/nginx/.htpasswd; substitute your own directory.

sudo sh -c "echo -n 'user:' >> /etc/nginx/.htpasswd"  # user is the username you want to log in with
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"  # you will then be prompted to enter and confirm your password

You will be prompted to create a password. Next, open your Nginx configuration file and add these two lines under location / {:

location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    # ... the rest of your existing location block ...
}
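
The -salt side effect listed in the options (same salt and same password give the same hash) is what makes an .htpasswd entry checkable: recomputing the hash with the stored salt must reproduce the stored string. The shell functions below are an added example, not code from the original article; the names make_entry, entry_salt and check_entry and the sample user and passwords are made up for illustration.

```shell
#!/bin/sh
# Added example: build and check htpasswd-style entries with openssl passwd.
# Function names and sample credentials are constructed for illustration.

# make_entry USER PASSWORD [SALT] -> prints "USER:$apr1$SALT$HASH"
# The password is passed through -stdin so it never shows up in the
# process list (unlike a password given as a command-line argument).
make_entry() {
    if [ -n "$3" ]; then
        h=$(printf '%s\n' "$2" | openssl passwd -apr1 -salt "$3" -stdin)
    else
        # No -salt given: openssl picks a random salt for every call.
        h=$(printf '%s\n' "$2" | openssl passwd -apr1 -stdin)
    fi
    printf '%s:%s\n' "$1" "$h"
}

# entry_salt ENTRY -> prints the salt field of "user:$apr1$salt$hash"
entry_salt() {
    printf '%s\n' "$1" | cut -d: -f2 | cut -d'$' -f3
}

# check_entry ENTRY PASSWORD -> exit status 0 if PASSWORD matches ENTRY
# Re-hashes the candidate with the salt stored in the entry and compares.
check_entry() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    salt=$(entry_salt "$1")
    [ "$(make_entry "$user" "$2" "$salt")" = "$1" ]
}

# Demo with constructed sample credentials.
entry=$(make_entry user 'S3cret-example')
echo "$entry"
check_entry "$entry" 'S3cret-example' && echo "password accepted"
check_entry "$entry" 'wrong-guess'    || echo "password rejected"
```

Redirecting the output of make_entry into the file (as root) gives the same line that the two interactive commands above append to /etc/nginx/.htpasswd.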

Adding the generated password string to /etc/shadow makes it usable as a user's login password.

The password string generated by openssl passwd can be copied directly into the /etc/shadow file, but openssl passwd does not support SHA512, so the password is not strong enough. To generate a SHA512 password you can use grub-crypt, which is a Python script, but unfortunately CentOS 7 only has grub2 and grub-crypt is no longer available.
