Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16079
Views
3
Helpful
6
Replies

Setting a Hidden Password

cpalayoor
Level 1
Level 1

‎07-25-2003 07:34 AM - edited ‎03-04-2019 02:52 AM

Hi,

I am attempting to understand the nuances of setting up secure passwords. While exploring the various parameters to setting up a password for the line console, I encounter the following ...

"Cisco(config-line)#password ?

0 Specifies an UNENCRYPTED password will follow

7 Specifies a HIDDEN password will follow

LINE The UNENCRYPTED (cleartext) line password"

My initial understanding of the parameter 7 is that it should enable me to specify a hidden password which would not be displayed in the sh config.

However when I proceed to test it out, I get the following results....

"line console 0

login

password 7 my_password"

followed by the following error

"Invalid Encrypted password : my_password"

What am I doing wrong here. I suspect that my understanding of the function of the hidden password is incorrect.

Thanks

CP

Labels:
0 Helpful
6 Replies 6

thisisshanky
Level 11
Level 11

‎07-25-2003 07:46 AM

password 7 expects an MD7 encrypted string, to be entered. What you can do is use regular type 0 unencrypted password and just enable the command,

"service password-encryption" in Global config mode.

Note that type 7 encryption is very weak, and there are utilities which can break that.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

cpalayoor
Level 1
Level 1
In response to thisisshanky

‎07-25-2003 08:07 AM

Hi, Thank you for your responses. My questions are of an academic nature. In what situations would I use password 7. When you say that password 7 expects an MD7 encrypted string to be entered, do you copy and paste from another configurations ?

Regards

CP

0 Helpful

thisisshanky
Level 11
Level 11
In response to cpalayoor

‎07-25-2003 08:19 AM

Yes you can copy and paste too. (butmake sure you do know what the password was on the other configuration)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

cpalayoor
Level 1
Level 1
In response to thisisshanky

‎07-25-2003 08:27 AM

How do I generate an initial MD7 password. Does the IOS have a feature to do that or do I use an external utility.

Regards

CP

0 Helpful

milan.kulik
Level 10
Level 10
In response to cpalayoor

‎07-28-2003 01:29 AM

Use

conf t

service password-encryption

user user_name password clear_password

IOS will put following line to your config

user user_name password 7 MD7_password.

Regards,

Milan

0 Helpful

deilert
Level 6
Level 6

‎07-25-2003 07:46 AM

the 7 specifies that the password will be encrypted

Customers Also Viewed These Support Documents