Generate salted shadow hashes using Python crypt()

The other day I was doing some server setups (using ansible for automation) and I needed to create the same user/password on four different machines. It’s easy with ansible’s user module, but you need to provide a pre-hashed password.

The key is to use python’s crypt.crypt(), which you can do interactively from a python shell:

[aorth@noma: ~]$ python
Python 2.7.3 (default, Dec 22 2012, 21:14:12)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> crypt.crypt("mypassword",'$1$somesalt!')
'$1$somesalt!$qbGIrNDo5Nyr4eASZFJLQ0'
>>> crypt.crypt("mypassword",'$6$somesalt!')
'$6$somesalt!$3UQn7wIuHJUkfawfTqftXADbm88MhnV/hYIcDStmcVTEzWyO4ovUe9bYcpL1Nl5ae1wagxAJEqfTMyf1dsMGA1'

Above you can see I generated salted md5 and sha-512 hashes (signified by $1$ and $6$, respectively). This is a super easy way to generate hashes programatically, and they can go directly into the shadow file! You can read more about Unix shadow hashes in man 3 crypt.

2 thoughts on “Generate salted shadow hashes using Python crypt()

  1. Thanks. Love the Py.

    So the password in this example is “mypassword” on the salt part does the “somesalt!” vary across commands, or does only the “$6$, or is it always “$6$somesalt!” for that parameter?

    Also, why the different results, the parameters look the same? Did the “$6$somesalt!” use some sort of randomness?

Comments are closed.