Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19202
Views
10
Helpful
4
Replies

Problem with "secret 5"

Go to solution
Cisco_Learner25
Level 1
Level 1

‎01-27-2017 02:08 AM - edited ‎03-11-2019 12:24 AM

Hi members,

I need help to resolve a problem. In the following code

username youngman secret 5 teabag2

When I write this code I get the following error message

ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.

Could somebody tell me please that how I can get rid of this issue? How can I make my password encrypted before putting into the script?

thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Cisco_Learner25

‎01-27-2017 06:39 AM

Let me use the right terminology. Using "secret" hashes the password when you enter it into a CLI. You can hash it before putting it into CLI but you need to use the same algorithm that Cisco uses.

Any reason that you want to encrypt it before? As soon as you enter it into the CLI, the password is hashed and cannot be traced back to the original way( not easily at least).

View solution in original post

4 Replies 4

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎01-27-2017 05:07 AM

Just use:

username youngman secret 0 teabag2

If you are entering the cleartext password, you have to use 0. Cisco will automatically encrypt it when entering it in.

Enable secret 5 is what you would see after the password/secret has been encrypted.

0 Helpful

Go to solution
Cisco_Learner25
Level 1
Level 1
In response to Rahul Govindan

‎01-27-2017 05:54 AM

thanks for the answer. How can I make my password encrypted before?

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Cisco_Learner25

‎01-27-2017 06:39 AM

Let me use the right terminology. Using "secret" hashes the password when you enter it into a CLI. You can hash it before putting it into CLI but you need to use the same algorithm that Cisco uses.

Any reason that you want to encrypt it before? As soon as you enter it into the CLI, the password is hashed and cannot be traced back to the original way( not easily at least).

Go to solution
Karsten Iwen
VIP
VIP
In response to Cisco_Learner25

‎01-29-2017 03:16 AM

You can use openssl to generate the password-hashes offline. For type 5 it works the following way:

kiMac:~ karsten$ openssl passwd -salt hetw -1 cisco
$1$hetw$V8ZgR7FNZzy3TvQBv1Ab3.

"hetw" is the salt and should be a random string, "cisco" is the cleartext-password. You can paste the result directly into the config:

router(config)# username test secret 5 $1$hetw$V8ZgR7FNZzy3TvQBv1Ab3.
Customers Also Viewed These Support Documents