Generating Strong Passwords at the Linux Command Line

There are a number of tools that will allow you to generate secure passwords including urandom, OpenSSL, GPG and pwgen. I will briefly demo these below.


The below generates a random string of 14 characters in length.

[andy@home-pc ~]$ openssl rand -base64 14


To generate a random string of 20 characters.

[andy@home-pc ~]$ < /dev/urandom tr -dc A-Za-z0-9 | head -c20; echo


This is one of the most interesting password generators and it ships with a lot of useful options. The only downside is that it is not installed by default on most systems.


To install it on an Arch based system:

[andy@home-pc ~]$ sudo pacman -Sy pwgen

To install it on RedHat/CentOS, you’ll first need to install/enable the EPEL repository:

[andy@home-pc ~]$ sudo yum install epel-release
[andy@home-pc ~]$ sudo yum install pwgen


The below can be used to generate one password of length 20:

[andy@home-pc ~]$ pwgen 20 1

The below generates one password of length 20 with some additional options:

[andy@home-pc ~]$ pwgen 20 1 --ambiguous --numerals --symbols --capitalize

The options above provide the following:

Options Description
-A, –no-capitalize Don’t include any capital letters.
-B, –ambiguous Don’t use potentially confusing characters like ‘l’ or ‘1’ and ‘O’ and ‘0’.
-n, –numerals Include at least one number in generated password.
-v, –no-vowels Don’t use vowels. Less secure but won’t accidentally include offensive words.
-c, –capitalize Include at least one capital letter.
-y, –symbols Include at least one special character.
-s, –secure Completely random but hard to remember.  Good for machine passwords.

The below is good option for generating user passwords:

[andy@home-pc ~]$ pwgen 20 1 --secure --ambiguous


You can also use gpg to generate a password. The below generates on of length 20:

[andy@home-pc ~]$ gpg --gen-random --armor 1 20

Be the first to comment

Leave a Reply