cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
407
Views
1
Helpful
9
Replies
ron.whitt
Beginner

Use of "!" in device password credentials

I'm trying to connect a device with a password that contains an exclamation point (ex: ABCDEF!).  I know there is some kind of escape character needed to get this into the device configuration but I can't find it in any of the documentation.  Any advice or help on how to get such a password string into the umap for a user / PW combination?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
Cisco Employee

 



You can try either of:

default-map remote-password "test!"
or
default-map remote-password test\!

 

View solution in original post

9 REPLIES 9
ian.scheidler1
Enthusiast

Best thing would be to change the password to soemthing else (see: What are invalid characters for a password in a Cisco router or firewall? - Network Engineering Stack Exchange).

If you want to enter a ? as e.g. an enable secret on the device directly you would use Ctrl-V then ?. You are talking about entering it into umap from the NSO CLI, right (e.g. devices authgroups group iosdevs umap admin same-pass same-user remote-secondary-password myenablepassword)?


Not sure how that would work.


Can you maybe create yourself an NSO User (think that can even be done from WebUI, not sure though as I cannot check here currently), give him the password with ! and then use "same-pass [yourdevusername]" similar to the way I wrote above?


Hope this helps a little.

just verified that it is possible to create a user from NSO webUI.

  1. log on to web UI as admin
  2. click on menu button at the top left corner of the web UI (the white circle with 3 black horizontal lines)
  3. from "Modules", uncollaps "tailf-aaa" and click "aaa"
  4. in the now open "authentication" tab under "User management" click on "users"
  5. click + sign
  6. enter username (use same username as on the device for convenience)
  7. in the now opening "user" tab set imaginary (or in your case better: meaningful!) values for uid(I used 12345), gid (I used 1234), ssh_keydir(I used /), homedir (I used /home/testuser) and enter e.g. ABCDEF! as password.
  8. Log off from webUI and try logging on as your newly created user with the "!-password", should work.

From NSO CLI you can now add this user to the appropriate authgroup e.g. devices authgroups group iosdevs umap [yournewlycreatedusergoeshere] same-pass remote-secondary-password myenablepassword.

The above assumes you have an authgroup for e.g. the IOS devices (group iosdevs).

remote-secondary-password myenablepassword only needs to be set if you have that active/configured on the device.

Details regarding users/usergroups can be found in the NSO admin guide I think.

When you now logon to the device from NSO the password with the ! should be  passed on correctly I believe. But as mentioned in my initial post: Best to leave out "weird characters", especially ?. Stick with alphanumeric (in upper and lowercase) and gain slightly more entropy by using a few characters more in the password (that will roughly make up for not using chars such as ! or ?).

Btw...have you tried setting the password incl. ! for the user from NSO CLI. I think it might work!? ! should not be a "functional" key in the NSO cli.

Following up on Ron's thread.   The IOS devices have an enable password and it also contains an "!".   The password is the standard and used on all managed devices in the environment (isolated POC/demo lab).   I ran into this previously and discovered the escape character but a new install of NSO wiped out the cdb and I don't recall what it was.

Thanks

Yes, I'm using the NSO CLI for this.

sorry...have to pass on the actual escape character used...can only offer the workaround already provided above.

Once you have it sorted though you could implement yourself a service to change the password on all devices in your lab in one go (and you could even restrict people from ever using "weird" characters when using the NSO service)...that is (some of) the beauty of NSO.

khgrant
Cisco Employee

 

Can you try to set the password using double-quote?

 

 

-----

 

devices authgroups group adminx

 

default-map remote-name   admin

 

default-map remote-password “ABCDEF!”

 

-----

 

 

Using cisco-ios NED and CSR1kv, I see the same and solved with this.

 

I think it depends on what NED to use though.

 

khgrant
Cisco Employee

 



You can try either of:

default-map remote-password "test!"
or
default-map remote-password test\!

 

Yes, both "...! " and ...\! work.  Thanks!

Create
Recognize Your Peers
Content for Community-Ad