I have a question about setting up user accounts on a Cisco router.
I have seen a statement like the following on a Cisco router:
username cisco privilege 15 secret 5 $1$s4bl$Lb.b/v/HgWKTdfP/h9
However, if I try and enter the command "username <myname> privilege 15 secret 5 <password in plain text>", I get the following error:
BETE_R1-3640(config)#username michael privilege 15 secret 5 password
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
Which seems to suggest that I have to enter the password in MD5 encrypted fashion. Is this the case?
If yes, is there some way that you can create an MD5 encrypted password to enter on your router?
You will only specify 5 if the password has been previously encrypted. If you are entering a password and it is not encrypted, it will not accept it because it is not a valid MD5 string. Below is how to configure a username/password that will use the MD5 encryption.
username <name> privilege 15 secret <password>
In the config it will show an encrypted MD5 password.
As per my experience you need to always discard the "5" when you want to encrypt the password. The secret keyword ensures that the password is MD5 protected.
The converted MD5 password can then be seen using the show run command. The line can then be entered as it is (including the 5) on other routers for similar configuration.
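On the question of producing a type 5 string away from the router: the `$1$...` value is a salted md5crypt hash, and the following added example (not part of the thread) computes one and checks a string for the type 5 shape before it is pasted after `secret 5`. The function names, the 4-character random salt and the shape regex are assumptions of this sketch, not IOS behaviour taken from the page.

```python
import hashlib
import re
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shape of an md5crypt string: $1$<salt, 1-8 chars>$<22-char digest>
TYPE5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def _to64(value, length):
    # 6 bits per output character, least significant bits first
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(length))

def md5crypt(password, salt=None):
    """Return the $1$ (md5crypt) hash used for a type 5 secret."""
    if salt is None:  # assumption: 4 random characters, as in the thread's sample
        salt = "".join(secrets.choice(ITOA64) for _ in range(4))
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    remaining = len(pw)
    while remaining > 0:  # mix in the alternate digest, 16 bytes at a time
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    i = len(pw)
    while i:  # one byte per bit of the password length
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000 stretching rounds
        data = pw if i & 1 else final
        if i % 3:
            data += s
        if i % 7:
            data += pw
        data += final if i & 1 else pw
        final = hashlib.md5(data).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    out += _to64(final[11], 2)
    return "$1${}${}".format(salt[:8], out)

def is_type5(secret):
    """True if secret has the md5crypt shape expected after 'secret 5'."""
    return bool(TYPE5_RE.match(secret))

def username_line(name, password, privilege=15):
    """Build a config line carrying the hash instead of the plaintext."""
    return "username {} privilege {} secret 5 {}".format(name, privilege, md5crypt(password))
```

A plaintext word such as `password` fails `is_type5`, which is the situation the router's error message describes; the hash string as printed in the question also fails it, because only 18 characters follow the salt where a full digest has 22.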