If it was up to me I would never leave the command line. I use still use lynx (a command line browser), dict (a command line dictionary), and bc (a command line calculator) although with decreasing regularity. So why not use the command line to generate random passwords?

In this Linux quick tip, we will show you 5 bash commands (plus one utility) to quickly generate a random password.

Most of these example use the urandom file in dev. Here is an excerpt from the man page:

The character special files /dev/random and /dev/urandom (present since Linux 1.3.30) provide an interface to the kernel's random number generator...
...The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.

Checking Available Entropy

You can check the available entropy on most Linux systems by reading the /proc/sys/kernel/random/entropy_available file. This will be a number in the range of 0-4096.

$ cat /proc/sys/kernel/random/entropy_avail
3937

Using the cat Command

Here we are reading the urandom file with cat and piping it to tr. The tr command is then stripping out all printable characters, not including spaces. Then the head command is telling the command to print the first 18 characters and then stop.

$ cat /dev/urandom | tr -cd '[:graph:]' | head -c 18
S_ap-[\Kjwdd_pY8+

If you wanted a shorter, or longer password you can change the number in the head command. If you wanted a password without special characters, you can change the tr command to:

[:alpha:] - All letters
[:alnum:] - All letters and digits

Using the tr Command & Redirection

Often times people use cat gratuitously. Here is an example that does the same thing as the first example using redirection to input the file instead of cat.

$ tr -cd "[:graph:]" < /dev/urandom | head -c 18
DA.q%#fEQ$qqAIz~e5

Here instead of using cat, we are redirecting urandom directly into tr.

Neither of these command adds a new line to the end which will result in output like this (I have been cleaning it up for readability):

[savona@putor ~]$ tr -cd "[:graph:]" < /dev/urandom | head -c 18
ni;ry.M&!b,ok~%HRj[savona@putor ~]$

If that bothers you as much as it does me, just pipe to xargs -0 at the end:

[savona@putor ~]$ tr -cd "[:graph:]" < /dev/urandom | head -c 18 | xargs -0
A[T:$m3*,BO?LM4Gw5
[savona@putor ~]$

Using the dd Command

The dd command is one of those utilities that seems to have no end to it's usefulness. Here we use urandom as the input file for dd, then pipe to tr as we did above.

$ dd if=/dev/urandom count=200 bs=1 2>/dev/null | tr -cd "[:graph:]" | cut -c-18
qL?I{fP4+x1;t_L}w9

This one gives us a nice clean output with a new line.

Using the openssl Command

I am not a fan of this one, but maybe you are. Because of the base64 encoding, there are some lengths you cannot select. For example, I can't do 18 (which I like).

$ openssl rand -base64 12
mshskZmBIfxuR782

In Linux there is always a way. To get our 18 character length we can change to 32 (or 16) and cut the first 18 characters.

$ openssl rand -base64 16 | cut -c-18
f+0iF8Rmc9V1/fnmiQ

Using the strings Command

The strings command is not one of those commands that is used very often. Here we use it to pull printable characters for urandom, then use tr to strip the new lines, and head to print the first 18.

$ strings /dev/urandom | tr -d '\n' | head -c18
3.k'RJ.|R}e E<"!J'

This command also doesn't print a new line, use the xargs trick above if needed.

The pwgen Utility

Installation

The pwgen utility is a small command line program that generates passwords. It has minimal options, but sometimes less is more.

To install pwgen on rpm based systems (Red Hat, CentOS, Fedora):

sudo dnf install -y pwgen

or

sudo yum install -y pwgen

To install on deb based systems (Debian, Ubuntu):

sudo apt-get install pwgen -y

Basic Usage

Just typing pwgen will print a block of password in columns across your screen.

pwgen program basic output

To stick with my theme, let's generate a password that is 18 characters long, includes at least one capital letter, one lowercase letter, one number and one special symbol. We will also tell it to only print a single password.

$ pwgen -Bcny 18 -1
aish~ohp9Aht@e4ozu

B - Don't include ambiguous characters in the password
c - Include at least one capital letter in the password
n - Include at least one number in the password
y - Include at least one special symbol in the password

18 - Length in characters
-1 - Only print one

Check out the pwgen man page for more information.

Conclusion

In this tutorial we covered 5+ ways to generate a random password from the command line. I have sed said it before, there is always more than one way to get something done in Linux. If you can think of more ways to generate a random password on the command line let us have it in the comments.