cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15905
Views
3
Helpful
6
Replies

Setting a Hidden Password

cpalayoor
Level 1
Level 1

Hi,

I am attempting to understand the nuances of setting up secure passwords. While exploring the various parameters to setting up a password for the line console, I encounter the following ...

"Cisco(config-line)#password ?

0 Specifies an UNENCRYPTED password will follow

7 Specifies a HIDDEN password will follow

LINE The UNENCRYPTED (cleartext) line password"

My initial understanding of the parameter 7 is that it should enable me to specify a hidden password which would not be displayed in the sh config.

However when I proceed to test it out, I get the following results....

"line console 0

login

password 7 my_password"

followed by the following error

"Invalid Encrypted password : my_password"

What am I doing wrong here. I suspect that my understanding of the function of the hidden password is incorrect.

Thanks

CP

6 Replies 6

thisisshanky
Level 11
Level 11

password 7 expects an MD7 encrypted string, to be entered. What you can do is use regular type 0 unencrypted password and just enable the command,

"service password-encryption" in Global config mode.

Note that type 7 encryption is very weak, and there are utilities which can break that.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Hi, Thank you for your responses. My questions are of an academic nature. In what situations would I use password 7. When you say that password 7 expects an MD7 encrypted string to be entered, do you copy and paste from another configurations ?

Regards

CP

Yes you can copy and paste too. (butmake sure you do know what the password was on the other configuration)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

How do I generate an initial MD7 password. Does the IOS have a feature to do that or do I use an external utility.

Regards

CP

Use

conf t

service password-encryption

user user_name password clear_password

IOS will put following line to your config

user user_name password 7 MD7_password.

Regards,

Milan

deilert
Level 6
Level 6

the 7 specifies that the password will be encrypted

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco