• Status: Solved

password encryption cisco catalyst 2950

Hi all,

After being landed with the job of looking after our PIXes and switches, and being a noob to it all, I am trying to reconfigure our routers. I have configured them so users who log on to them authenticate against an AAA server. I have set this all up and it works fine. I want to set up a local user with en and privilege 15 as a fallback user in case AAA is down, etc. This all works fine; the only problem is the password is not encrypted, shown in cleartext. The command I used was

username Joe privilege 15 password 7 hereismypassword

The reply I receive is
Invalid encrypted password: hereismypassword

When I leave out 7 it works fine but the password is in cleartext. I am sure there is a very simple answer to this, but I have not found it yet.

Regards Hugh
 
minmei Commented:
Hugh,

When you enter the command with the 7, the Cisco assumes the password is already encrypted.

When you leave out the seven, it shows cleartext.

Enter a command called "service password-encryption"

This will encrypt (badly) the password you entered in cleartext so it won't show.

This encryption is a simple hash that is easily broken, by free programs or web sites, so at least make this password different than the enable secret.

HTH
 
huwa (Author) Commented:
Hi,

Thanks for the reply,

Enter a command called "service password-encryption"

This will encrypt (badly) the password you entered in cleartext so it won't show.

Is this the only way to encrypt it? From the sound of it, you are saying the enabled password is encrypted better/stronger than the "service password-encryption". I would like to have them both as strong as possible. Thx
 
minmei Commented:
The enable password is encrypted using a different algorithm.

When it shows up, you'll see the number 5 instead of seven.

Never tried it, but since you can enter the number when you enter the password, try this...

Enter the "enable secret bubblegum" (really your username password)

do a "show run"

write down the encrypted password

enter "username blah password 5 <encrypted password here>"

change the enable secret to what you want.

No worries even if this does not work, because the username can get you logged into the router, but you still need to get into enable mode to do most damage.

And you don't need to publish your config anywhere public.
 
huwa (Author) Commented:

You're right, the confs won't be published and are in a locked-down folder. I have just looked at a different router and it seems to use "service password-encryption". So I will just do the same; did so and it works. Thanks again for your help. I may try what you said when I have time, on a spare switch rather than a live one, and see if it works.

Have a nice day
Hugh
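
An added example (not from the thread's participants or from Cisco): a small Python audit of IOS credential lines that labels each one as cleartext, type 7 or type 5, and flags a value entered after `7` that is not in encrypted form, which is the case behind the "Invalid encrypted password" reply in the question. The sample config and its type 5 and type 7 strings are constructed, and the two format patterns are this example's assumptions about what such strings look like.

```python
import re

# "username X [privilege N] password|secret [type] value" or "enable password|secret [type] value"
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|enable)"
    r"\s+(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$")
# Assumed type 7 shape: two decimal digits, then pairs of hex digits.
TYPE7_RE = re.compile(r"^\d{2}(?:[0-9A-Fa-f]{2})+$")
# Assumed type 5 shape (MD5-crypt): $1$<salt>$<22 characters>.
TYPE5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed sample; the strings below do not encode any real password.
SAMPLE = """\
no service password-encryption
enable secret 5 $1$abcd$0123456789abcdefghijkl
username Joe privilege 15 password 7 hereismypassword
username Joe privilege 15 password hereismypassword
username ops password 7 0123456789AB
"""

def has_service_encryption(config_text):
    """True only if 'service password-encryption' is present and not negated."""
    return re.search(r"^service password-encryption\s*$", config_text, re.M) is not None

def audit(config_text):
    """Return (line_no, account, keyword, verdict) for every credential line."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        who = m["user"] or "enable"
        ptype, value = m["type"] or "0", m["value"]  # no type digit means cleartext
        if ptype == "0":
            verdict = "cleartext"
        elif ptype == "7":
            verdict = "type 7 (reversible)" if TYPE7_RE.match(value) else "invalid type 7 string"
        elif ptype == "5":
            verdict = "type 5 (salted MD5 hash)" if TYPE5_RE.match(value) else "invalid type 5 string"
        else:
            verdict = "unrecognized type " + ptype
        findings.append((n, who, m["kw"], verdict))
    return findings

if __name__ == "__main__":
    print("service password-encryption:", has_service_encryption(SAMPLE))
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```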