Create users by command line


#1 Post by Marco G. » 2022-12-02 16:34

Hello,

Like a lot of people, I'm looking for a way to add new users without using the GUI (by command line).
I read some threads of the forum attentively, and I decided to write a PowerShell script (I'm on Windows) to add users by editing the configuration file of FileZilla Server.

Historically, I have used G6 FTP, and I'm looking for a replacement...
I manage all my accounts in a spreadsheet file, make a copy of some columns in a text file, and use an MS-DOS script to create all the accounts I need.
So my PowerShell script uses the same text file as input.

My script seems to work well, but like a lot of people I'm stuck on password encryption.

I used:
- SHA256 method
- a keysize of 32
- a random ASCII salt of 43 characters, with some characters excluded (such as < > &)
- hash converted to base64
- 100 000 iterations

I have no idea why it's not correct.
Attachment: crea_compte.ps1.txt (add user using powershell, 3.92 KiB)


#2 Post by botg » 2022-12-02 19:10

The powershell syntax hurts my brain...

The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.

This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.


#3 Post by Marco G. » 2022-12-05 17:20

> The powershell syntax hurts my brain...

Me too.
But the multiple encryption implementations are worse... It's too complicated for me.

> The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.

OK.
Get-Random seems to meet these criteria based on the documentation.
So I don't need to convert to ASCII characters.

Code:

$keySize = 32
$global:salt = -join ((0..255) | Get-Random -Count $keySize)

The salt seems to be very long...

> This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.

I'm continuing to search...


#4 Post by botg » 2022-12-05 20:08

Marco G. wrote:
2022-12-05 17:20
> > The powershell syntax hurts my brain...
> me too.

How rude for you to also hurt my brain :P

> $global:salt = -join ((0..255) | Get-Random -Count $keySize)

Doesn't that just build the concatenation of the string representation of 32 numbers?


#5 Post by Marco G. » 2022-12-06 12:38

> How rude for you to also hurt my brain

Lol. In fact the problem is not the language, but how the algorithm works.

> Doesn't that just build the concatenation of the string representation of 32 numbers?

I think I have understood, and found my errors.

I found another notation that is clearer for the random number.
I removed the character conversion of the random number, and the UTF8 conversion to bytes...

And finally I store the salt value in Base64.

I just changed this function in my script:

Code:

# $iterations, $method and $keySize are defined elsewhere in the script
function sha512strhash($string){
	$password = $string
	
	# 32 random numbers in the range 0-255, one per salt octet
	$randomsalt = ( (1..32) | %{(Get-Random -Max 256)} )

	# Key derivation (PBKDF2) over the raw salt values
	$passDerive = New-Object Security.Cryptography.Rfc2898DeriveBytes -ArgumentList @($password, $randomsalt, $iterations, $method)
	$key = $passDerive.GetBytes($keySize)
	
	# Convert hash and salt to Base64 for storage
	$global:hash = [Convert]::ToBase64String($key)
	$global:salt = [Convert]::ToBase64String($randomsalt)
}

All the Base64 conversions end with "=", but FileZilla seems to accept it.
I tested with 3 accounts: it's OK.

Thank you very much.
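
The salt handling described in #2 and the fix reached in #5, as an added PowerShell example that is not part of the original posts, the attached script or FileZilla Server's own code. Function names are hypothetical; it assumes PBKDF2 with SHA256, 100 000 iterations and a 32-byte key as listed in #1, and .NET Framework 4.7.2 or later for the Rfc2898DeriveBytes overload that takes a hash algorithm.

```powershell
# Added example; function names are hypothetical, not FileZilla Server's.
function Get-Pbkdf2Key([string] $Password, [byte[]] $Salt, [int] $Iterations, [int] $KeySize) {
    # PBKDF2-HMAC-SHA256 over the raw salt octets, never over their text form.
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $Password, $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { ,$kdf.GetBytes($KeySize) } finally { $kdf.Dispose() }
}

function New-Pbkdf2Credential {
    param([Parameter(Mandatory)] [string] $Password,
          [int] $Iterations = 100000,   # value from post #1
          [int] $KeySize = 32)          # value from post #1
    # 32 octets from the OS CSPRNG, so every value 0..255 can occur.
    $salt = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($salt) } finally { $rng.Dispose() }
    $key = Get-Pbkdf2Key $Password $salt $Iterations $KeySize
    # Base64 is only the storage form of both values.
    [pscustomobject]@{
        Salt = [Convert]::ToBase64String($salt)
        Hash = [Convert]::ToBase64String($key)
    }
}

function Test-Pbkdf2Credential {
    param([string] $Password, [string] $SaltB64, [string] $HashB64, [int] $Iterations = 100000)
    $salt = [Convert]::FromBase64String($SaltB64)      # back to raw octets first
    $expected = [Convert]::FromBase64String($HashB64)
    $actual = Get-Pbkdf2Key $Password $salt $Iterations $expected.Length
    # Accumulate differences over every byte instead of returning early.
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) {
        $diff = $diff -bor ($expected[$i] -bxor $actual[$i])
    }
    $diff -eq 0
}

# Constructed sample input: round trip with the right and a wrong password.
$cred = New-Pbkdf2Credential -Password 'constructed-sample-password'
$cred
Test-Pbkdf2Credential 'constructed-sample-password' $cred.Salt $cred.Hash
Test-Pbkdf2Credential 'wrong-password' $cred.Salt $cred.Hash
```

A 32-byte value always encodes to 44 Base64 characters ending in a single "=" padding character, which is the trailing "=" noted in #5.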


#6 Post by Marco G. » 2022-12-16 15:36

For those who want to use this script...

It works with:
- PowerShell 5.1 (latest update for Win7/2008R2).
- FileZilla Server 1.6.0/1.6.1

It does not work with PowerShell 2 (native on Win 7) and it was not tested with other versions.
