Problem with "secret 5"

Cisco_Learner25
Level 1

Hi members,

I need help to resolve a problem. In the following code

username youngman secret 5 teabag2

When I write this code I get the following error message

ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.

Could somebody please tell me how I can get rid of this issue? How can I make my password encrypted before putting it into the script?

Thanks in advance.

1 Accepted Solution

Let me use the right terminology. Using "secret" hashes the password when you enter it into a CLI. You can hash it before putting it into CLI but you need to use the same algorithm that Cisco uses.

Any reason that you want to encrypt it before? As soon as you enter it into the CLI, the password is hashed and cannot be traced back to the original way (not easily at least).

4 Replies

Rahul Govindan
VIP Alumni

Just use:

username youngman secret 0 teabag2

If you are entering the cleartext password, you have to use 0. Cisco will automatically encrypt it when entering it in.

Enable secret 5 is what you would see after the password/secret has been encrypted.

Thanks for the answer. How can I make my password encrypted before?

You can use openssl to generate the password-hashes offline. For type 5 it works the following way:

kiMac:~ karsten$ openssl passwd -salt hetw -1 cisco
$1$hetw$V8ZgR7FNZzy3TvQBv1Ab3.

"hetw" is the salt and should be a random string, "cisco" is the cleartext-password. You can paste the result directly into the config:

router(config)# username test secret 5 $1$hetw$V8ZgR7FNZzy3TvQBv1Ab3.
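
The same offline hashing as a script, added here as an example and not part of any post in this thread: it computes the MD5-crypt (`$1$`) string that `secret 5` expects and checks the shape of a value before it goes into a config. The function names are hypothetical, and the 4-character random salt is an assumption that mirrors the "hetw" example above.

```python
import hashlib
import re
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shape of an MD5-crypt string: $1$ + salt (1-8 chars) + $ + 22 chars.
TYPE5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    return "".join(ITOA64[(value >> (6 * i)) & 0x3F] for i in range(count))

def md5_crypt(password, salt):
    """Return the MD5-crypt ($1$) hash of `password` for the given salt."""
    pw, sl = password.encode(), salt[:8].encode()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    alt = hashlib.md5(pw + sl + pw).digest()
    for left in range(len(pw), 0, -16):   # alt digest, cut to password length
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:                              # one byte per bit of the length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):                 # fixed 1000-round stretching loop
        parts = [pw if i & 1 else final]
        if i % 3:
            parts.append(sl)
        if i % 7:
            parts.append(pw)
        parts.append(final if i & 1 else pw)
        final = hashlib.md5(b"".join(parts)).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    return f"$1${salt[:8]}${out}{_to64(final[11], 2)}"

def is_type5(value):
    """True if `value` has the shape `secret 5` accepts (format check only)."""
    return bool(TYPE5_RE.match(value))

def username_line(user, password):
    """Build a config line with a freshly salted hash (assumed 4-char salt)."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(4))
    return f"username {user} secret 5 {md5_crypt(password, salt)}"
```

`is_type5("teabag2")` returns False, which is the condition behind the error message in the original question.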