The root user’s password can be set in RHEL and CentOS Kickstart Profiles with the following command:
rootpw "password here"
However, anyone using the Kickstart Profile will see the root password in plain text.
To prevent this, hash the root user’s password in the Kickstart Profile with the following command:
rootpw --iscrypted password_hash
But, how do you generate the password hash? Depending on your authconfig configuration, there are several different ways to do this.
md5
If your authconfig configuration is authconfig --enableshadow --enablemd5
, you can use openssl passwd
, grub-crypt
, or python
to hash your password.
Using openssl passwd
(you will be prompted to enter a password after running the command):
openssl passwd -1
Using grub-crypt
(you will be prompted to enter a password after running the command):
grub-crypt --md5
Using python
, replace 8_CHARACTER_SALT_HERE with 8 characters of random data (you will be prompted to enter a password after running the command):
echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$1$8_CHARACTER_SALT_HERE")' | python -
sha256
If your authconfig configuration is authconfig --enableshadow --passalgo=sha256
, you can use openssl passwd
, grub-crypt
or python
to hash your password.
Using openssl passwd
(you will be prompted to enter a password after running the command):
openssl passwd -5
Using grub-crypt
(you will be prompted to enter a password after running the command):
grub-crypt --sha-256
Using python
, replace 16_CHARACTER_SALT_HERE with 16 characters of random data (you will be prompted to enter a password after running the command):
echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$5$16_CHARACTER_SALT_HERE")' | python -
sha512
If your authconfig configuration is authconfig --enableshadow --passalgo=sha512
, you can use openssl passwd
, grub-crypt
or python
to hash your password.
Using openssl passwd
(you will be prompted to enter a password after running the command):
openssl passwd -6
Using grub-crypt
(you will be prompted to enter a password after running the command):
grub-crypt --sha-512
Using python
, replace 16_CHARACTER_SALT_HERE with 16 characters of random data (you will be prompted to enter a password after running the command):
echo 'import crypt,getpass; print crypt.crypt(getpass.getpass(), "$6$16_CHARACTER_SALT_HERE")' | python -