huwa
asked on
password encryption cisco catalyst 2950
Hi all,
After being landed with the job of looking after our PIXes and switches and being a noob to it all, I am trying to reconfigure t our routers. I have configured them so users who log on to them authenticate against an AAA server. I have set this all up and it works fine. I want to set up a local user with en and privilege 15 as fallback user in case AAA is down, etc. This all works fine; the only problem is the password is not encrypted, shown in cleartext. The command I used was
username Joe privilege 15 password 7 hereismypassword
The reply I receive is
Invalid encrypted password: hereismypassword
When I leave out 7 it works fine but the password is in cleartext. I am sure there is a very simple answer to this, but I have not found it yet.
Regards Hugh
The enable password is encrypted using a different algorithm.
When it shows up, you'll see the number 5 instead of seven.
Never tried it, but since you can enter the number when you enter the password, try this...
enter the "enable secret bubblegum" (really your username password)
do a "show run"
write down the encrypted password
enter "username blah password 5 <encrypted password here>"
change the enable secret to what you want.
No worries even if this does not work, because the username can get you logged into the router, but you still need to get into enable mode to do most damage.
And you don't need to publish your config anywhere public.
ASKER
You're right, the confs won't be published and are in a locked-down folder. I have just looked at a different router and it seems to use "service password-encryption". So I will just do the same; did so and it works. Thanks again for your help. I may try what you said when I have time, on a spare switch rather than a live one, and see if it works.
Have a nice day
Hugh
ASKER
Thanks for the reply,
Enter a command called "service password-encryption"
This will encrypt (badly) the password you entered in cleartext so it won't show.
Is this the only way to encrypt it? From the sound of it you are saying the enabled password is encrypted better/stronger than the "service password encryption". I would like to have them both as strong as possible. Thx
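An added example, not part of the original thread: a small config audit that classifies local credentials by the type number discussed above (none/0 cleartext, 7 from "service password-encryption", 5 for the enable secret) and shows why `password 7 hereismypassword` is rejected. It assumes a type 7 string is two decimal digits followed by hex pairs and a type 5 string is in `$1$salt$hash` form; all sample values are constructed.

```python
import re

# "username X [privilege N] password|secret [type] value" or "enable password|secret [type] value"
CRED = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|enable)\s+"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)
# Assumed shapes: type 7 = 2 decimal digits + hex pairs; type 5 = md5crypt "$1$salt$hash"
TYPE7 = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")
TYPE5 = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def audit_line(line):
    """Return (account, finding) for a credential line, or None for other lines."""
    m = CRED.match(line)
    if not m:
        return None
    who = m.group("user") or "enable"
    ctype, value = m.group("type"), m.group("value")
    if ctype is None and m.group("kw") == "secret":
        return who, "hashed-on-entry"      # typed command; stored form carries a type number
    if ctype in (None, "0"):
        return who, "cleartext"            # readable by anyone who can view the config
    if ctype == "7":
        # With the 7 prefix the value must already be in encoded form, not the plain password.
        return who, "type7-weak" if TYPE7.match(value) else "type7-malformed"
    if ctype == "5":
        return who, "type5-hash" if TYPE5.match(value) else "type5-malformed"
    return who, "unknown-type-" + ctype

def audit(config):
    """Audit every credential line in a config and return the findings in order."""
    return [r for r in map(audit_line, config.splitlines()) if r]

# Constructed sample config; the encoded strings only have the right shape.
SAMPLE = """\
hostname sw1
enable secret 5 $1$abcd$0123456789abcdefghijkl
username Joe privilege 15 password 7 hereismypassword
username Joe privilege 15 password hereismypassword
username ops privilege 15 password 7 0123456789ABCDEF
"""

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who:8} {finding}")
```
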