Verify user’s password on the command line

If there’s any chance you need to verify a user’s password on the command line and you are root you can use openssl with the info from /etc/shadow.

So first we want to grab the entry from /etc/shadow

cat /etc/shadow | grep mike

That will give us something that looks like


So the items we want are the $6 and the $tCFXiZHH. The $6 is important because that tells us the password is using sha512 for encryption. And the $tCFXiZHH is the salt.

So now we can run

mkpasswd -m sha-512 somePasswordHere tCFXiZHH

The output should match up with what’s above and if it is.. you have a valid password.

About mike
Currently works for Recurly as a Senior Linux Admin. He has a wonderful wife Thanuja and 2 great children (Anusha and Brandon). His major side project is Photoblog.

  • Anand

    Hi Mike,

    About the $6 and $code for password, please tell me how did you conclude that $6 equals password using sha512 for encryption. Is there some standard way of identifying encryption based on $ digits?

    I could understand your method but couldn’t get how did you end up with decoding the encryption.


    • mike

      Yes there is the numbers are a standard on linux anyway

      “$1$” stands for MD5, “$2a$” is Blowfish, “$2y$” is Blowfish (correct handling of 8-bit chars), “$5$” is SHA-256 and “$6$” is SHA-512

      Taken from