When using mkpasswd(1)
below, note that the output will always end in either 0
, 1
, /
, or .
. If it does end in .
, this is important; do not neglect to include it.
If you don’t have a favorite, the pwgen
tool is great for making some passwords.
$ pwgen -s 32
LHN3qXJbsMooII2v8XGNnPKvR6isPPBc vWC30c8mZiV3tmM51aEXOTdVa4Yp9Rtw
...
Generate server password hash (mkpasswd
is in the whois
package on many distributions):
$ mkpasswd -m sha-512
Password:
$6$SIQC7mqrFO$UycizbXCtbCsgTnKY35xeFQ9JhKjztjIeldqjQNqxyFH29IJ7iFcRG/pw1eYS1B/4rSdDLPEToMt3O/Py8W5E1
Server password is username:password
Generate challenge key:
$ openssl genrsa 8192 | openssl pkcs8 -topk8 -v2 aes256 > liberachat.key
$ openssl rsa -pubout < liberachat.key > liberachat.pub
And send in the liberachat.pub
file.
$ ssh-keygen -t ed25519 -f ~/.ssh/id_libera
Send in the contents of ~/.ssh/id_libera.pub
. Advanced users may instead send a pull request with the required config change.
Generate with mkpasswd
(see above)
$ mkpasswd -m sha-512
Password:
$6$017ehGOFw14Djba/$1PGTx0PX3BPRSDDuyj/803Y7JXxUHfUxbMOwXBxn2WNemwFbOYoZobRHWODAMci7qlHdX49VqmN/rOaGqJAKk0
HTTP Basic Auth is used, your browser will ask you for your username and password.
Generate with mkpasswd
(see above)
$ mkpasswd -m sha-512
Password:
$6$qJLnxRQd2RiOW.cA$FficSKfHzbU1opHdjbDMcftcnMaLJQjGwldu/Hlr5wGcjmERQvHR8h613HjlCJpqlzYJuknn8XGYawOLUxcFE0
See mail.md for more information.
If you’re worried about copy/paste errors before you deliver hashes to infra, you can check you’re able to produce the correct hash again. First, take the hash from the output of mkpasswd:
$ mkpasswd -m sha-512
Password:
$6$xGOaf607cpv$Irk4krxcNZ9eSxQRTjU2Dp2npRkeT17gzQx9TvPJDPM5Asosrr4mIL6SGVD0NCZraZCSNKMZLHhe/NX6Zh9m9.
and extract the characters between the 2nd & 3rd $
before running the command again. You should get the exact same hash:
$ mkpasswd -m sha-512 -S xGOaf607cpv
Password:
$6$xGOaf607cpv$Irk4krxcNZ9eSxQRTjU2Dp2npRkeT17gzQx9TvPJDPM5Asosrr4mIL6SGVD0NCZraZCSNKMZLHhe/NX6Zh9m9.