Create users by command line

Posted: 2022-12-02 16:34
by Marco G.
Hello,

Like a lot of people, I'm looking for a way to add new users without using the GUI (by command line).
I read some threads of the forum attentively, and I decided to write a PowerShell script (I'm on Windows) to add users by editing the configuration file of FileZilla Server.

Historically, I use G6 FTP, and I'm looking for a replacement...
I manage all my accounts in a spreadsheet file, make a copy of some columns in a text file, and use an MS-DOS script to create all the accounts I need.
So my PowerShell script uses the same text file as input.

My script seems to work well, but like a lot of people I'm stuck on password encryption.

I used:
- SHA256 method
- a key size of 32
- a random ASCII salt of 43 characters, with some characters excluded (such as < > &)
- hash converted to Base64
- 100 000 iterations

I've no idea why it's not correct.

Re: Create users by command line

Posted: 2022-12-02 19:10
by botg
The powershell syntax hurts my brain...

The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.

This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.

Re: Create users by command line

Posted: 2022-12-05 17:20
by Marco G.
> The powershell syntax hurts my brain...

Me too.
But the multiple encryption implementations are worse... It's too complicated for me.

> The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.

OK.
Get-Random seems to meet these criteria based on the documentation.
So I don't need to convert to ASCII characters.

Code:

$keySize = 32
$global:salt = -join ((0..255) | Get-Random -Count $keySize)

Salt seems to be very long...

> This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.

I continue to search...

Re: Create users by command line

Posted: 2022-12-05 20:08
by botg
Marco G. wrote (2022-12-05 17:20):
> > The powershell syntax hurts my brain...
> me too.

How rude for you to also hurt my brain :P

> $global:salt = -join ((0..255) | Get-Random -Count $keySize)

Doesn't that just build the concatenation of the string representation of 32 numbers?

Re: Create users by command line

Posted: 2022-12-06 12:38
by Marco G.
> How rude for you to also hurt my brain

Lol. In fact the problem is not the language, but how the algorithm works.

> Doesn't that just build the concatenation of the string representation of 32 numbers?

I think I have understood, and found my errors.

I found another notation that is clearer for the random number.
I removed the character conversion of the random number, and the UTF8 conversion to bytes...

And finally I store the salt value in Base64.

I just changed this function in my script:

Code:

function sha512strhash($string){
	# $iterations, $method and $keySize are defined elsewhere in the script
	$password = $string
	
	# 32 random octets, each in the range 0-255
	[byte[]]$randomsalt = ( (1..32) | %{(Get-Random -Max 256)} )

	# Key derivation (PBKDF2) from the password and the raw salt
	$passDerive = New-Object Security.Cryptography.Rfc2898DeriveBytes -ArgumentList @($password, $randomsalt, $iterations, $method)
	$key = $passDerive.GetBytes($keySize)
	
	# Convert to Base64
	$global:hash = [Convert]::ToBase64String($key)
	$global:salt = [Convert]::ToBase64String($randomsalt)
}

All the conversions to Base64 end with "=", but FileZilla seems to accept it.
I tested with 3 accounts: it's OK.

Thank you very much.

Re: Create users by command line

Posted: 2022-12-16 15:36
by Marco G.
For those who want to use this script...

It works with:
- PowerShell 5.1 (latest update for Win7/2008R2).
- FileZilla Server 1.6.0/1.6.1

It does not work with PowerShell 2 (native on Win 7) and it was not tested with other versions.
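
The salt handling botg describes earlier in the thread (32 octets from a cryptographically secure generator, raw octets into PBKDF2, Base64 only for the stored value), together with a verification step, as an added example that is not part of the thread or of Marco G.'s script. The function names are hypothetical; SHA256, the 32-octet key and the 100 000 iterations are the parameters listed in the first post, and the password is passed as a .NET string as in the function posted above.

```powershell
# Added example, not from the thread. Function names are hypothetical;
# SHA256, 32-octet key and 100 000 iterations are the first post's parameters.
function Get-Pbkdf2Sha256 {
    param([string]$Password, [byte[]]$Salt, [int]$Iterations, [int]$KeySize)
    # The raw salt octets go into PBKDF2, never their text or Base64 form.
    # This constructor overload needs .NET Framework 4.7.2 or later.
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new(
        $Password, $Salt, $Iterations,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { [Convert]::ToBase64String($kdf.GetBytes($KeySize)) } finally { $kdf.Dispose() }
}

function New-Pbkdf2Sha256Entry {
    param([string]$Password, [int]$Iterations = 100000, [int]$KeySize = 32)
    # 32 octets from the OS CSPRNG; every value 0..255 is allowed.
    $salt = [byte[]]::new(32)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($salt) } finally { $rng.Dispose() }
    [pscustomobject]@{
        Hash       = Get-Pbkdf2Sha256 $Password $salt $Iterations $KeySize
        Salt       = [Convert]::ToBase64String($salt)   # Base64 only for storage
        Iterations = $Iterations
    }
}

function Test-Pbkdf2Sha256Entry {
    param([string]$Password, $Entry)
    $salt     = [Convert]::FromBase64String($Entry.Salt)
    $expected = [Convert]::FromBase64String($Entry.Hash)
    # Reject any stored salt or hash that is not exactly 32 octets.
    if ($salt.Length -ne 32 -or $expected.Length -ne 32) { return $false }
    $actual = [Convert]::FromBase64String(
        (Get-Pbkdf2Sha256 $Password $salt $Entry.Iterations 32))
    # Compare every octet so timing does not depend on the first mismatch.
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) {
        $diff = $diff -bor ($actual[$i] -bxor $expected[$i])
    }
    return ($diff -eq 0)
}

# Constructed sample password, for demonstration only.
$entry = New-Pbkdf2Sha256Entry -Password 'constructed-sample-password'
$entry | Format-List
# 32 octets encode to 44 Base64 characters with one trailing "=".
"Salt length in Base64: $($entry.Salt.Length)"
"Correct password verifies: $(Test-Pbkdf2Sha256Entry 'constructed-sample-password' $entry)"
"Wrong password verifies:   $(Test-Pbkdf2Sha256Entry 'wrong-password' $entry)"
```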