Hello,
as a lot of people i'm looking for a way to add new users without using GUI (by command line).
I read with attention some threads of the forum, and i decided to wrote un powershell script (i'm under windows) to add users by editing configuration file of Filezilla server.
Historically, i use G6 FTP, and i'm looking for a replacement...
I manage all my accounts in a spreadsheet file, make a copy of some columns in a file text, and used a msdos script to create all the account i need.
So my script powershell used the same textfile input.
My script seems works well, but as a lot of people i block on password encryption.
I used:
- SHA256 method
- a keysize of 32
- a random ascii salt with some characters excluded (as < > &) of 43 characters
- hash converted to base64
- 100 000 iterations
I've no idea, why it's not correct.
Create users by command line
Moderator: Project members
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Create users by command line
- Attachments
-
- crea_compte.ps1.txt
- add user using powershell
- (3.92 KiB) Downloaded 141 times
Re: Create users by command line
The powershell syntax hurts my brain...
The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.
This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.
The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.
This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Re: Create users by command line
me too.The powershell syntax hurts my brain...
But the multiple encryption implementations are worse... It's too much complicated for me.
ok.The salt must be 32 octets generated by a cryptographically secure random number generator, all octet values are allowed in the salt, from 0 to 255, uniformly distributed.
Get-Random seems to meet these criteria based on the documentation.
So i don't need to convert to Ascii characters.
Code: Select all
$keySize = 32
$global:salt = -join ((0..255) | Get-Random -Count $keySize)
I continue to search...This raw salt is passed to PBKDF2. The base64-encoded salt is placed into the XML.
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Re: Create users by command line
Lol. In fact the problem is not the langage, but how work the algorithm.How rude for you to also hurt my brain
I think i have understand, and find my errors.Doesn't that just build the concatenation of the string representation of 32 numbers?
I found another notation, that is more clear for the random number.
I remove the character conversion of the random number, and the UTF8 conversion in bytes...
And finally store salt value in Base64.
I just change this function in my script:
Code: Select all
function sha512strhash($string){
$password = $string
#Random numbers compatible with Ascii characters (0-255)
$randomsalt = ( (1..32) | %{(Get-Random -Max 256)} )
#Encryption
$passDerive = New-Object Security.Cryptography.Rfc2898DeriveBytes -ArgumentList @($password, $randomsalt, $iterations, $method)
$key = $passDerive.GetBytes($keySize)
#Convert to Base64
$global:hash = [Convert]::ToBase64String($key)
$global:salt = [Convert]::ToBase64String($randomsalt)
}
I tested with 3 accounts: it's ok.
Thanks you very much.
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Re: Create users by command line
For those who want to use this script...
It's works with :
- Powershell 5.1 (Latest update for Win7/2008R2).
- Filezilla Server 1.6.0/1.6.1
It does not work with Powershell 2 (native on win 7) and it was not tested with other version.
It's works with :
- Powershell 5.1 (Latest update for Win7/2008R2).
- Filezilla Server 1.6.0/1.6.1
It does not work with Powershell 2 (native on win 7) and it was not tested with other version.