Solved

password encryption  cisco catalyst 2950

Posted on 2005-03-10
Last Modified: 2008-01-16
Hi all,

After being landed with the job of looking after our PIXes and switches, and being a noob to it all, I am trying to reconfigure our routers. I have configured them so users who log on to them authenticate against an AAA server. I have set this all up and it works fine. I want to set up a local user with en and privilege 15 as a fallback user in case AAA is down, etc. This all works fine; the only problem is the password is not encrypted, it is shown in cleartext. The command I used was

username Joe privilege 15 password 7 hereismypassword

The reply I receive is
Invalid encrypted password: hereismypassword

When I leave out the 7 it works fine, but the password is in cleartext. I am sure there is a very simple answer to this, but I have not found it yet.

Regards Hugh
0
Question by:huwa
4 Comments
 
LVL 7

Accepted Solution

by:
minmei earned 500 total points
ID: 13505053
Hugh,

When you enter the command with the 7, the Cisco assumes the password is already encrypted.

When you leave out the seven, it shows cleartext.

Enter a command called "service password-encryption"

This will encrypt (badly) the password you entered in cleartext so it won't show.

This encryption is a simple hash that is easily broken, by free programs or web sites, so at least make this password different than the enable secret.

HTH
0
 
LVL 2

Author Comment

by:huwa
ID: 13505091
Hi,

Thanks for the reply,

Enter a command called "service password-encryption"

This will encrypt (badly) the password you entered in cleartext so it won't show.

Is this the only way to encrypt it? From the sound of it, you are saying the enabled password is encrypted better/stronger than the "service password encryption". I would like to have them both as strong as possible. Thx
0
 
LVL 7

Expert Comment

by:minmei
ID: 13505134
The enable password is encrypted using a different algorithm.

When it shows up, you'll see the number 5 instead of seven.

Never tried it, but since you can enter the number when you enter the password, try this...

Enter the "enable secret bubblegum" (really your username password)

Do a "show run"

Write down the encrypted password

Enter "username blah password 5 <encrypted password here>"

Change the enable secret to what you want.

No worries even if this does not work, because the username can get you logged into the router, but you still need to get into enable mode to do most damage.

And you don't need to publish your config anywhere public.
0
 
LVL 2

Author Comment

by:huwa
ID: 13505196

You're right, the confs won't be published and are in a locked-down folder. I have just looked at a different router and it seems to use "service password-encryption", so I will just do the same; did so and it works. Thanks again for your help. I may try what you said when I have time, on a spare switch rather than a live one, and see if it works.

Have a nice day
Hugh
0
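Added example (not part of the thread and not code from any poster): a small audit that reads a saved IOS configuration and reports which stored credentials are cleartext, type 7 (what "service password-encryption" produces) or type 5 (the "enable secret" format), and whether the service is enabled. The sample config is constructed with placeholder values, the function names are hypothetical, and the `username ... secret 5` line assumes an IOS release that supports that form.

```python
import re

# Constructed sample config; all values are placeholders, not real credentials.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$SALT$HASH-PLACEHOLDER
enable password hereismypassword
username Joe privilege 15 password 0 hereismypassword
username blah privilege 15 password 7 TYPE7-PLACEHOLDER
username ops secret 5 $1$SALT$HASH-PLACEHOLDER
line vty 0 4
 password 7 TYPE7-PLACEHOLDER
"""

# Matches "enable ...", "username NAME [privilege N] ..." and bare line passwords.
CRED_RE = re.compile(
    r"^\s*(?P<owner>enable|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|)\s*"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S.*)$"
)

LABEL = {
    "0": "cleartext",
    "7": "weak-type7",  # easily broken, per the accepted answer
    "5": "md5-hash",    # the format shown for "enable secret"
}

def audit(config_text):
    """Return (findings, service_password_encryption_enabled)."""
    findings, svc_enabled = [], False
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.strip() == "service password-encryption":
            svc_enabled = True
        m = CRED_RE.match(line)
        if m:
            owner = m.group("user") or m.group("owner") or "line"
            # An untyped "password" is stored as entered, i.e. cleartext.
            ctype = m.group("type") or ("0" if m.group("kw") == "password" else "?")
            findings.append((lineno, owner, m.group("kw"), LABEL.get(ctype, "unknown")))
    return findings, svc_enabled

def weak_entries(config_text):
    """Credentials that should be rotated or moved to a stronger type."""
    findings, _ = audit(config_text)
    return [f for f in findings if f[3] in ("cleartext", "weak-type7")]

if __name__ == "__main__":
    findings, svc = audit(SAMPLE_CONFIG)
    print("service password-encryption enabled:", svc)
    for lineno, owner, kw, label in findings:
        print(f"line {lineno}: {owner} {kw} -> {label}")
```

The values themselves are never decoded or printed; only the line number, owner and storage type are reported.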
