Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Setting a Hidden Password

Hi,

I am attempting to understand the nuances of setting up secure passwords. While exploring the various parameters to setting up a password for the line console, I encounter the following ...

"Cisco(config-line)#password ?

0 Specifies an UNENCRYPTED password will follow

7 Specifies a HIDDEN password will follow

LINE The UNENCRYPTED (cleartext) line password"

My initial understanding of the parameter 7 is that it should enable me to specify a hidden password which would not be displayed in the sh config.

However when I proceed to test it out, I get the following results....

"line console 0

login

password 7 my_password"

followed by the following error

"Invalid Encrypted password : my_password"

What am I doing wrong here. I suspect that my understanding of the function of the hidden password is incorrect.

Thanks

CP

6 REPLIES

Re: Setting a Hidden Password

password 7 expects an MD7 encrypted string, to be entered. What you can do is use regular type 0 unencrypted password and just enable the command,

"service password-encryption" in Global config mode.

Note that type 7 encryption is very weak, and there are utilities which can break that.

New Member

Re: Setting a Hidden Password

Hi, Thank you for your responses. My questions are of an academic nature. In what situations would I use password 7. When you say that password 7 expects an MD7 encrypted string to be entered, do you copy and paste from another configurations ?

Regards

CP

Re: Setting a Hidden Password

Yes you can copy and paste too. (butmake sure you do know what the password was on the other configuration)

New Member

Re: Setting a Hidden Password

How do I generate an initial MD7 password. Does the IOS have a feature to do that or do I use an external utility.

Regards

CP

Re: Setting a Hidden Password

Use

conf t

service password-encryption

user user_name password clear_password

IOS will put following line to your config

user user_name password 7 MD7_password.

Regards,

Milan

Silver

Re: Setting a Hidden Password

the 7 specifies that the password will be encrypted

993
Views
3
Helpful
6
Replies