Find password for Linux user

centos
ubuntu

#1

Is it possible to see password for Linux user named tomtest? While working on server I created 7 users but I forgot password for tomtest? Is it possible to see the password for Linux user? If so how to find password using the command line?


#2

You can’t find password for any user in Ubuntu Linux or any other modern Unix-like system. Password are encrypted using crypt() function and stored in the /etc/shadow file in the following format:

$id$salt$encrypted

$id can be any one of the following:

  • 1 means md5
  • 2a means Blowfish
  • 3 means SHA-256
  • 4 means SHA-512

So if you see entry like as follows in /etc/shadow, means the password is encrypted with SHA-512

$6$salt$encrypted

The “$salt” can be up to 16 characters following “$id$” in the salt. The “encrypted” part of the password string is the actual computed password and it is one way. It can not be decrypted. The size of this “encrypted” string is fixed as follows too:

  • MD5 - 22 characters
  • SHA-256 - 43 characters
  • SHA-512 - 86 characters

How does it works?

It is computationally difficult (but not impossible) to take a randomly encoded and encrypted password from /etc/shadow and recover the original password. In other words you can’t see original password in plain text for Linux user even if you logged in as root user. You might try tool like John the Ripper Tool see:

What happens when a user or sysadmin setup a password using the passwd command?

When a user picks or is assigned a password by the sysadmin, it is encoded with a randomly generated value called the salt . This means that any particular password could be stored in different ways. The salt value is then stored with the encoded password.

When a user logs in and supplies a password, the salt is first retrieved from the stored encoded password. Then the supplied password is encoded with the salt value, and then compared with the encoded password. If there is a match, then the user is authenticated.

To answer your question, simply setup a new password using the passwd command as root user:

passwd tomtest

Use the grep command or cat command to view entry for tomtest user

sudo grep '^tomtest' /etc/shadow
sudo cat  /etc/shadow

Here is sample outputs:
tomtest:$6$k59uxg1C$uI5vr5OUfv5h.mSsxvWzlr1Lon0v8Gllu5AK4aARJxxv.7/B5Wc0HkL2JQu.bFrLWeSEBKQHscfaPavhQyHDU0:17759:0:99999:7:::