Command echo "__SSH_USERNAME__:__SSH_PASSWORD__" | chpasswd used for nginx will work but is highly insecure, more so due to non-bash shell lacking echo as a built-in command. It will execute /bin/echo and so the password will show up in the process table and can be seen with tools like ps.
The passwd command was intentionally built to require input from the keyboard, using the --stdin option to pipe in the password (or the chpasswd command when this option is not available) goes against unix security policies. It is used here for academic purposes but this should be documented and perhaps changed.
Slightly less insecure example:
passwd --stdin < "passwordfile" # With a password file that was created with a secure umask(1), a little bit secure.
See: mywiki.wooledge and stackoverflow
Command
echo "__SSH_USERNAME__:__SSH_PASSWORD__" | chpasswdused for nginx will work but is highly insecure, more so due to non-bash shell lackingechoas a built-in command. It will execute/bin/echoand so the password will show up in the process table and can be seen with tools likeps.The
passwdcommand was intentionally built to require input from the keyboard, using the--stdinoption to pipe in the password (or thechpasswdcommand when this option is not available) goes against unix security policies. It is used here for academic purposes but this should be documented and perhaps changed.Slightly less insecure example:
passwd --stdin < "passwordfile" # With a password file that was created with a secureumask(1), a little bit secure.See: mywiki.wooledge and stackoverflow