Random password generation

gfroute · September 4, 2014, 7:46am

Hello,

I have created a script to generate a random password on Linux/Solaris, but I simply cannot use it on my AIX VMs since Bash isn't installed on them.

I need a password that is randomly created with the following characters:

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@;:[].{}+=<>#|()^&_0123456789

And that's where the problem is.. those special characters are excluded from commands such as makekey.

Here's what I've done for Linux:

MATRICE="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@;:[].{}+=<>#|()^&_0123456789"
n=1
PASSWD=""
while [ "$n" -le 7]
do
  PASSWD="$PASSWD${MATRICE:$(($RANDOM%${#MATRICE})):1}"
  let n+=1
done

Any ideas how I can generate a random password that doesn't require bash installed, and that takes into account all the special characters?

Thanks!

vbe · September 4, 2014, 8:38am

What AIX version is that?

gfroute · September 4, 2014, 8:40am

Basically it's for: 5.2, 5.3, 6.1 & 7.1 (around 50 VMs).

vbe · September 4, 2014, 8:44am

6.1 and 7.1 have bash... I dont know for 5.2, 5.3

#--
Seems 5.3 also (well here I found a 5.3 box that has bash mans and the shell...

junior-helper · September 4, 2014, 8:45am

Do you accept a Perl solution?

gfroute · September 4, 2014, 8:53am

I did the following on all the previously listed versions and could not find bash:

lslpp -l | grep bash*

But I suppose another option would be to deploy bash on all those machines, and then the script would work fine

As for Perl, none of the admins here use it, and I for one don't know the first thing about it

vbe · September 4, 2014, 9:01am

That said I avoid special characters because they can play dirty tricks depending how you connect.. But it doesnt seem to affect you since it works under LINUX... (typically when using X software emulation from PCs... )

gfroute · September 4, 2014, 9:11am

I don't really have a choice here, I have to follow what the security team decides, and they want special characters in the passwords --'

Don_Cragun · September 4, 2014, 7:40pm

gfroute:

Hello,

I have created a script to generate a random password on Linux/Solaris, but I simply cannot use it on my AIX VMs since Bash isn't installed on them.

I need a password that is randomly created with the following characters:
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@;:.{}+=<>#|()^&_0123456789

And that's where the problem is.. those special characters are excluded from commands such as makekey.

Here's what I've done for Linux:
MATRICE="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@;:[].{}+=<>#|()^&_0123456789"
n=1
PASSWD=""
while [ "$n" -le 7]
do
  PASSWD="$PASSWD${MATRICE:$(($RANDOM%${#MATRICE})):1}"
  let n+=1
done
Any ideas how I can generate a random password that doesn't require bash installed, and that takes into account all the special characters?

Thanks!

I was surprised that this worked with bash ; there should be a space between the 7 and the ] in the line marked in red above. If you add a space there, this script will also work with ksh93 . Is ksh93 available on the older AIX releases?

rbatte1 · September 8, 2014, 10:42am

Could I suggest that @ & # are excluded?

Some OS versions treat these strangley, e.g @ as end of password. We now advise all users to avoid them along with the pound sign � because that can be translated to # and therefore cause problems. Perhaps other currency symbols have the same risks.

Robin

vbe · September 8, 2014, 10:52am

That was what I was talking about Robin... haha you worked with HP...
And my point of vue is that here we use the country's keyboard layout, but how many time I got caught when in computer room I had in front of me a qwerty US keyboard... and having to desperatly try to guess where thos *** of char are hidden - and worse typing without being able to see the output, not mentionning the HP that with 3 bad passwd lock the accounts ( I corrected that later because it was just a nightmare...)
I still sometimes cant connect to some hosts because of locale issues with passwords that is why I tend to say yes all the chars but only those that are the same in ALL CHARSET and forget about the others for root...

rbatte1 · September 8, 2014, 11:00am

Yes!

To my shame I have two HP-UX 11.11 servers :o The hardware is about 12 years old and inherited from a merger where in their wisdom, all the tech support of the other side were let go before we'd even logged on. We had to learn bdf rather than df and daft things like that. Well, it's helped keep me employed for a few years..... maybe until mid-next year anyway.

Robin

bakunin · September 8, 2014, 3:18pm

Well, i suggest you ask Sam. ;-))

Regarding the problem at hand:

A ksh93 is provided in standard AIX as /usr/bin/ksh93 since either 5.1 or 5.2, i can't remember which.

If you want a bash You can download it freely from either Michael Perzls site (which i can wholeheartedly recommend - his efforts put IBMs "Linux Affinity" program to shame singlehandedly) or from IBMs "AIX Toolbox for Linux" page or even from Bulls "Freeware for AIX" page.

Btw., the bash package is called "freeware.bash.<something>" and it is an rpm package, so searching for "bash*" will not yield any results, even if it is installed. Search for "freeware.*" instead.

I hope this helps.

bakunin