Table of Contents

How to Generate Secure Random Passwords from the Linux CLI

2025-09-24
3 min read
Docs
Linux

Introduction

In system administration and development, the need for a strong, random password can arise at any moment. Instead of relying on external websites or dedicated tools, you can generate cryptographically secure passwords directly from the Linux command line. This article demonstrates a powerful and reliable method using a pipeline of standard Linux utilities.

The Solution: Generating a Basic Alphanumeric Password

To generate a random 16-character alphanumeric password, you can use the following command. This method is highly secure as it leverages the kernel’s own source of randomness.

< /dev/urandom tr -dc 'a-zA-Z0-9' | head -c 16; echo

How It Works

This command is a pipeline that chains three simple yet powerful tools together. Let’s dissect each component to understand its role.

  • < /dev/urandom: This is the source of our randomness. We use input redirection (<) to feed a stream of random bytes from /dev/urandom, a special file in Linux that serves as an interface to the kernel’s cryptographic pseudo-random number generator (PRNG).

  • | tr -dc 'a-zA-Z0-9': The random byte stream is piped (|) to the tr (translate) command for filtering.

    • The -d flag instructs tr to delete characters.
    • The -c flag specifies the complement of the given character set.
    • Combined, tr -dc 'a-zA-Z0-9' means “delete every character that is not an uppercase letter (A-Z), a lowercase letter (a-z), or a digit (0-9).” This process filters the random bytes into a clean, endless stream of only alphanumeric characters.

  • | head -c 16: The filtered alphanumeric stream is then piped to the head command. The -c 16 flag tells head to output only the first 16 characters from the stream it receives. You can easily change 16 to any desired password length.

  • ; echo: This is a quality-of-life addition. The head command does not output a trailing newline, which would cause your shell prompt to appear on the same line as the generated password. The ; echo command simply prints a newline character, ensuring the output is clean and your terminal prompt starts on a new line.

Adding Special Characters for Enhanced Security

To meet modern security requirements, passwords often need to include special characters. You can easily modify the character set in the tr command to include them.

< /dev/urandom tr -dc 'a-zA-Z0-9!@#$%^&*_-+=' | head -c 16; echo

Understanding the Change

The only modification is to the character set provided to tr. We have appended a string of common special characters (!@#$%^&*_-+=) to the set of allowed characters.

Crucially, the entire character set is enclosed in single quotes ('...'). This is essential because many special characters (like *, $, and &) have special meanings to the shell. The single quotes ensure that the shell treats them as literal characters to be included in the tr command’s set, rather than interpreting them as shell operators.

You can customize the list of special characters within the quotes to adhere to any specific password policy.

Conclusion

This one-liner provides a flexible, secure, and native way to generate strong passwords on any Linux system. By understanding how /dev/urandom, tr, and head work together, you gain a powerful tool for your command-line arsenal, eliminating the need for external password generation utilities and ensuring your credentials are created from a trusted source of randomness.

#Linux #Cli #Bash #Security #Password #Urandom

Antony Sallas

Next How to Check the Default Application for a MIME Type on Linux