Mastering Htpasswd Command on Linux

Linux TLDR
Last Updated:
Reading time: 3 minutes

The htpasswd command-line utility is used to create or update password files that store users and their corresponding hashed passwords.

Primarily used for authentication files in the Apache HTTP server to protect users access to certain directories or applications on a web server.

However, you can also use it in other scenarios where you require a user and hashed password (in β€œuser:passwordhash” format) in your applications or config files.

Tutorial Details

DescriptionHtpasswd
Difficulty LevelLow
Root or Sudo PrivilegesNo
OS CompatibilityUbuntu, Manjaro, Fedora, etc.
Prerequisites–
Internet RequiredYes

How to Install Htpasswd on Linux

To install β€œhtpasswd” on Linux, you need to install the Apache HTTP Server package, which includes the β€œhtpasswd” utility.

The steps to install β€œhtpasswd” vary depending on the Linux distribution you are using. Here are the commands for some popular Linux distributions:

$ sudo apt install apache2-utils -y                                                                          #On Debian and Ubuntu
$ sudo dnf install httpd-tools -y                                                                              #On Red Hat and Fedora
$ sudo pacman -S apache -y                                                                                    #On Arch and Manjaro
$ sudo zypper install apache2-utils                                                                         #On openSUSE

Syntax of the Htpasswd Command

The htpasswd command takes three arguments: one is the option, the other is the path of the password file, and the third is the username.

$ htpasswd [OPTIONS] PASSWORD-FILE USERNAME

Whereas,

  • β€œoptionsβ€œ: These are the optional options that modify the behavior of this command.
  • β€œpassword-fileβ€œ: The path to the password file or the file to be created/updated.
  • β€œusernameβ€œ: The username for which the password will be set or updated.

Now, let’s look at a few usages of this command with practical examples.

Create a New Password File

To create a new password file, use the β€œ-c” flag followed by your desired path. If the specified path already has a file with the same name, it will be overwritten. Be sure to provide the username for which you want to set a password in the password file.

πŸ“
When you execute the following htpasswd command, you will be prompted to enter a password for the specified user (ex: β€œlinuxtldrβ€œ). By default, it uses the MD5 encryption algorithm for password hashing.
$ htpasswd -c ~/password-file linuxtldr
$ cat ~/password-file

Output:

Creating a password file with a username and hashed password

Add or Update a User in the Password File

To modify the existing password file, like updating the password for the existing user or adding a new user, simply use the htpasswd command with the path to the password file and username without any flags.

Adding a new user (ex: β€œjake”) in the existing password file:

$ htpasswd ~/password-file jake
$ cat ~/password-file

Output:

Adding a new user to the existing password file

Updating the password for an existing user (ex: β€œlinuxtldrβ€œ) in the password file:

$ htpasswd ~/password-file linuxtldr
$ cat ~/password-file

Output:

Updating the password for an existing user in the password file

Remove a User from the Password File

To remove an existing user from the password file, use the β€œ-D” flag followed by the password file path and the username (ex: β€œjakeβ€œ).

$ htpasswd -D ~/password-file jake
$ cat ~/password-file

Output:

Deleting an existing user from the password file

Generate the User’s Password Hash Without Creating a New File

To generate a password hash for the user without creating any password files, you can use the β€œ-n” flag followed by the username (ex: β€œlinuxtldrβ€œ).

$ htpasswd -n linuxtldr

Output:

Generating a referenced user hashed password without creating a new file

Generate the User’s Password Hash without Prompting

In all previous examples, whenever you wanted to create a password file for your desired user, the password was asked in the prompt after pressing the β€œenter” button.

This behavior can be changed by using the β€œ-b” flag, which allows htpasswd to use the password from the command line rather than prompting for it.

πŸ“
This method is not a secure way to create a password file, as your password is visible in the terminal (in plain text) and can be viewed by anyone from the command history.
$ htpasswd -nb linuxtldr password

Output:

Generating a user password without prompting for a password

Generate the User’s Password Hash with your Desired Encryption

By default, MD5 encryption is used to generate passwords for users. However, you can use other encryption algorithms by specifying their corresponding flags, as mentioned below:

OptionsEncryption AlgorithmRemark
-mMD5 EncryptionDefault
-BBcrypt EncryptionVery Secure
-dCRYPT EncryptionInsecure
-sSHA EncryptionInsecure
-pPlain TextInsecure

The following is the usage of all the above mentioned encryption algorithms using their flags in addition to the β€œ-n” flag (to avoid creating a password file) and the β€œ-b” flag (to take passwords from the command line) for the referenced user (ex: β€œlinuxtldrβ€œ).

$ htpasswd -nbm linuxtldr password                                                                #MD5 Encryption
$ htpasswd -nbB linuxtldr password                                                                 #Bcrypt Encryption
$ htpasswd -nbd linuxtldr password                                                                 #CRYPT Encryption
$ htpasswd -nbs linuxtldr password                                                                  #SHA Encryption
$ htpasswd -nbp linuxtldr password                                                                 #Plain Text

Output:

Generating a user password using all the encryption algorithms

Verify the User’s Password Hash in the Password File

You can use the β€œ-v” flag to check if the specified password matches the stored hash for the given username in the password file.

$ htpasswd -v ~/password-file linuxtldr

Output:

Verifying the password hash in the password file

How to Remove Htpasswd in Linux

To remove β€œhtpasswd” from your Linux system, simply uninstall the package using the same name as you used during installation.

Choose one of the following commands based on your Linux system:

$ sudo apt remove apache2-utils -y                                                            #On Debian and Ubuntu
$ sudo dnf remove httpd-tools -y                                                                #On Red Hat and Fedora
$ sudo pacman -R apache -y                                                                         #On Arch and Manjaro
$ sudo zypper remove apache2-utils                                                           #On openSUSE

Final Word

I hope you find this tool amazing and that this article has helped you in all possible ways. If you have anything to ask or find something questionable, then feel free to tell us in the comment section.

Till then, peace!

Join The Conversation

Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.

1 thought on β€œMastering Htpasswd Command on Linux”

  1. Excellent information. Since this tool is to be used by applications like Apache, could we integrate this file with the users or groups from the system itself (Linux). This way, we will follow security best practices and have a central user repository. Thanks

    Reply