编程知识 cdmana.com

Take you to learn more about nginx basic login authentication: generating passwords using OpenSSL

openssl passwd Generate password manually

introduction : stay Linux In the system, we need to manually generate a password, which can be opensll passwd To generate a password as the password of the user account .Linux The password in the system is stored in /etc/shadow In file , And it is stored in an encrypted way , According to different encryption methods , The number of bits of the generated encrypted password is also different .

Option description :

  • -crypt:UNIX Standard encryption algorithm , This is the default Algorithm . If you add salt (-salt) Calculate password , Just before taking salt 2 position ,2 All characters after bit are ignored .
  • -1( Numbers ): be based on MD5 The algorithm code of .
  • -apr1( Numbers ):apache Alternative used in md5 Algorithm code , Unable to join "-1" Use options together , because apr1 By default md5.htpasswd The authentication password generated by the tool is this method .
  • -salt: Add some salt when encrypting , It can increase the complexity of the algorithm . But adding salt will have side effects : The salt is the same , Same password , The result of encryption will be the same .
  • -in file: Read the list of passwords to be calculated from the file
  • -stdin: Get the password to be entered from standard input
  • -quiet: No information is output during password generation

Example :

/etc/nginx/.htpasswd Change to your own file storage path

sudo sh -c "echo -n 'user:' >> /etc/nginx/.htpasswd" # user Is the user name you want to log in 
sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd" #  Next, you will be prompted to enter your password and confirm your password 
 Copy code 

You will be prompted to create a password . Next , Open your Nginx The configuration file , And in location / { Add these two lines under :

location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    ...
 Copy code 

The generated password string , Manually add to /etc/shadow Can be used as the user's login password .

About openssl passwd file , The generated password can be copied directly to /etc/shadow In file , but openssl passwd Because it's not supported sha512, So the password strength is not enough . If you want to generate sha512 Password , have access to grub-crypt Generate , It's a python Script , It's just unfortunate CentOS 7 Only grub2,grub-crypt There are no more orders .

This series of articles

Take you to know more about nginx Basic login authentication ( Contains all configuration steps and in-depth resolution ) Take you to know more about nginx Basic login authentication : Use htpasswd Generate the password Take you to know more about nginx Basic login authentication : Use openssl Generate the password Take you to know more about nginx Basic login authentication : Use python Generate the password

版权声明
本文为[moshuying]所创,转载请带上原文链接,感谢
https://cdmana.com/2021/09/20210909122358688E.html

Scroll to Top