Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Encrpyt Username?

Is there a way to encrpty the usernames below locally???

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname XXXXXX

!

logging console warnings

no logging monitor

aaa new-model

enable secret 5 <removed>

!

username aaa password 7 <removed>

username ppp password 7 <removed>

username jjj password 7 <removed>

4 REPLIES
Gold

Re: Encrpyt Username?

Peter,

Answer to your question is yes you can encrypt usernames -

First, enable password encryption to “hide” the clear-text passwords in the configuration.

> service password-encryption

Now define the password,

i.e. username admin password admin1

So now admin’s password is now admin1 and when displayed on the routers’s configuration, you’ll see the passwords in their encrypted form:

Username admin password 7 045673A0CBX1

The only drawback to this is that it’s not manageable, for instance if you need to work with more than a few users and one or two routers.

The better solution to this is to make a central authentication repository using authentication protocol, and configure the router to use the authentication server. There are several different protocols that you can use but the most popular are XTACACS, Radius, and TACACS+.TACACS+ uses the AAA protocol and is supported by the CiscoSecure product.

Hope this helps and let me know how you get on.

Regards – Jay.

New Member

Re: Encrpyt Username?

This will encrypt the password, not the username.

Cisco Employee

Re: Encrpyt Username?

To answer your original question, no , there is no way to encrypt the username in a router config. Also, keep in mind that encrypting the passwords using level 7 is *very* insecure also and they can be easily unencrypted in about half a second.

You're better off storing all these on a separate authentication server. If you have Win2K server then it comes with a free Radius server that you can use.

New Member

Re: Encrpyt Username?

If someone can get ahold of your level 7 encrypted password, they can use BOSON's getpass to unencrypt it... I also suggest using radius.

114
Views
0
Helpful
4
Replies
CreatePlease to create content