Generating Secure Passwords for your Linux Server

Very often I have to setup new servers or harden existing servers during security audits. As a result, secure passwords have to be chosen for root, cPanel accounts, etc. There are many composite practices that make a server secure, but often overlooked is using secure passwords.

How Secure Is My Password

Notice I didn’t list SSH or MySQL passwords. This is because if you are serious about security these should not even be accessible via remote password login! For SSH, you should already be using authentication keys and set PermitRootLogin no in your ssh config. For MySQL you should use skip-networking if MySQL is on the same server to connect via socket or use bind-address= to restrict MySQL connections to the IP/hostname of the web server. Or use IPtables to allow specific multiple IP addresses. That said, using secure passwords for MySQL is still recommended.

Now for selecting secure passwords, here’s what I recommend:

  • Passwords should be at LEAST 10 characters in length.
  • Include letters (mixed case), numbers and special characters.

If you are using Linux, you can use the urandom command to generate secure passwords:

Recommended urandom

< /dev/urandom tr -dc '[:graph:]' | head -c16;echo;

Right-hand only urandom

< /dev/urandom tr -dc '67890^*_+-=;:,.?yuiopYUIOPhjklHJKLbnmBNM' | head -c16;echo;

Left-hand only urandom

< /dev/urandom tr -dc '[email protected]#$%qwertQWERTasdfgASDFGzxcvbZXCVB' | head -c16;echo;

Making this into a simple easy to remember command

      1. Edit your bashrc
        vi ~/.bashrc
      2. Add this line:
        spw(){ insert one of the above options here }


        spw(){ < /dev/urandom tr -dc '[:graph:]' | head -c16;echo; }
      3. Save and restart server or even better just reload bash using:
        source ~/.bash_profile
      4. Now in future just type the following to generate a secure password:

spwOn the left is a screen-crop of the output. Now, there’s also a free secure password service that you can use to generate strong passwords. Its the Secure Password Generator. Make sure to check all the “include” options and set length to 10 characters or more, then click generate and viola, you have created extremely secure passwords for copy and paste.

Related:  cPanel to add MariaDB support. PHP-FPM?

Of course this method applies beyond just Linux and using any of the above 16 character methods, it would take trillions of years to crack your password! This is why a strong password is VERY important. There are other linux commands that use openssl, dd and date to generate passwords, but urandom is my prefered method. Feel free to add your methods below.