cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
560
Views
0
Helpful
9
Replies
Highlighted
Beginner

Type 9 (Scrypt) Password doesn't work for console access

Hi community,

 

I just configured a scrypt type 9 password and wanted to use it for my console login. It seems like the ISR 4331 cannot process this password. Is this a known limitation or might it be a bug.

 

Thank you in advance.

 

Best regards

 

Thomas

Everyone's tags (3)
9 REPLIES 9
Hall of Fame Master

Re: Type 9 (Scrypt) Password doesn't work for console access

Thomas

 

Can you tell us what version of code your 4331 is running? It could very well be that your 4331 is running a version that does not support this type of password.

 

HTH

 

Rick

Beginner

Re: Type 9 (Scrypt) Password doesn't work for console access

Hi Richard,

 

thank you for the reply.

We are running SW Version 16.6.4 (Everest).

Hall of Fame Master

Re: Type 9 (Scrypt) Password doesn't work for console access

Did you enable the scrypt algorithm? Can you show us the exact syntax you used in configuring the password and the response from the router?

 

HTH

 

Rick

Beginner

Re: Type 9 (Scrypt) Password doesn't work for console access

Hi Richard,

 

these are the steps I made:

 

1st: In order to get a Type 9 hash I entered the following command: enable algorithm-type scrypt secret password

this gave me the type 9 hash which I used with the following command username cisco priviledge 15 password 9 hash

after that I set the login local at the line con 0 level.

That resulted in an unsuccessful login on the console level. Error message %Bad Secrets

 

Best regards.

Hall of Fame Master

Re: Type 9 (Scrypt) Password doesn't work for console access

Thanks for the additional information. i suggest that you try this version of the command

username cisco priviledge 15 secret 9 hash

 

HTH

 

Rick

Beginner

Re: Type 9 (Scrypt) Password doesn't work for console access

Hi Rick,

 

thank you for the Input. That's the command I used initially. Sorry I had a typo in my previous message.

Could that be a bug?

 

Best regards

 

Thomas

Hall of Fame Master

Re: Type 9 (Scrypt) Password doesn't work for console access

Glad to know that it was a typo in your message. I certainly can not rule out the possibility of a bug. But I think it more likely that there was some flaw in your process of creating the hash and in using the hash in creating the user id. I would suggest that you try it again. This time use some very simple password (nothing elaborate, no special characters etc) and create a new hash, then configure a user id using the new hash. If it still does not work it might be a good idea to open a case with Cisco TAC about this. They would be the best ones to determine if it were a bug.

 

HTH

 

Rick

Beginner

Re: Type 9 (Scrypt) Password doesn't work for console access

Hello Richard,

 

thank you for your message. I will give it a try. My main concern would have been if I had a wrong Syntax or if the feature is not supported on that specific IOS.

 

Best regards.

Hall of Fame Master

Re: Type 9 (Scrypt) Password doesn't work for console access

If it were an issue with the feature not supported in that version I would certainly expect an error message when you attempted the command. Since there was no error message it should be safe to assume that it is supported. There might be some issue about syntax but what we have seen so far seems your syntax was ok. Cant rule out a bug. But I still think there might be some issue about the particular password or some human issue in the generation of the hash and the transfer of the hash to the user id password command.

 

HTH

 

Rick

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards