username - cannot use encrypted hash

goal
Level 1

According to the command reference (and interactive prompting), it should be possible to enter an existing secret's encrypted hash when creating/updating a user (https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/command_reference/b_1612_9300_cr/security_commands.html#wp2613836001), such as taking the config from one device and applying to another device.

 

E.g.

Take the following

username testuser privilege 15 secret 5 <md5 hash>

and simply enter this in config mode.

 

However this produces an error:

c9300(config)#username testuser privilege 15 algorithm-type md5 secret 0 SomeTestPassword123
 WARNING: Command has been added to the configuration using a type 5 password. However, type 5 passwords will soon be deprecated. Migrate to a supported password type
c9300(config)#do show run | i testuser
username testuser privilege 15 secret 5 $1$ib3A$7kMdMHRHcpP/2BhqUksMz.
c9300(config)#username testuser privilege 15 secret 5 $1$ib3A$7kMdMHRHcpP/2BhqUksMz.
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.


c9300(config)#username testuser privilege 15 secret 0 SomeTestPassword123
c9300(config)#do show run | i testuser
username testuser privilege 15 secret 9 $9$KhBIjStDECnUe.$yaknNzfesYjLPP35S5pSQ51u0Zq9DqAd7FRwux9HiO6
c9300(config)#username testuser privilege 15 secret 9 $9$KhBIjStDECnUe.$yaknNzfesYjLPP35S5pSQ51u0Zq9DqAd7FRwux9HiO6
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 9 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.

Is something wrong here?
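When a copied secret is rejected like this, one thing worth ruling out is damage to the string itself (truncation, stray whitespace, or a type keyword that does not match the hash prefix). The following is an added example, not part of the original post and not Cisco's validation logic: a structural check for `username ... secret` lines. It assumes the standard md5crypt layout for type 5 (`$1$`, salt of up to 8 characters, 22-character hash) and the usual type 9 layout (`$9$`, 14-character salt, 43-character hash); the function name `check_secret_line` is hypothetical.

```python
import re
import string

# Characters used by crypt-style base64 in Cisco type 5 and type 9 secrets.
ALPHABET = set(string.ascii_letters + string.digits + "./")
# type -> (scheme id after the first '$', allowed salt lengths, hash length)
# These layouts are assumptions stated in the lead-in, not taken from the post.
SPEC = {
    "5": ("1", range(1, 9), 22),    # md5crypt: salt up to 8 chars, 22-char hash
    "9": ("9", range(14, 15), 43),  # scrypt: 14-char salt, 43-char hash
}
LINE = re.compile(
    r"^\s*username\s+\S+\s+(?:privilege\s+\d+\s+)?secret\s+(?P<type>\d)\s(?P<secret>.*)$"
)

def check_secret_line(line):
    """Return structural problems in one 'username ... secret <type> <value>' line."""
    m = LINE.match(line.rstrip("\r\n"))
    if not m:
        return ["not a 'username ... secret <type> <value>' line"]
    stype, secret = m["type"], m["secret"]
    problems = []
    if secret != secret.strip():
        problems.append("whitespace around the secret")
        secret = secret.strip()
    if stype not in SPEC:
        return problems + [f"type {stype} is not covered by this check"]
    scheme, salt_lens, hash_len = SPEC[stype]
    parts = secret.split("$")
    if len(parts) != 4 or parts[0]:
        return problems + ["expected $<id>$<salt>$<hash>"]
    _, ident, salt, digest = parts
    if ident != scheme:
        problems.append(f"type {stype} expects ${scheme}$, found ${ident}$")
    if len(salt) not in salt_lens:
        problems.append(f"salt is {len(salt)} chars")
    if len(digest) != hash_len:
        problems.append(f"hash is {len(digest)} chars, expected {hash_len}")
    if set(salt + digest) - ALPHABET:
        problems.append("characters outside the ./0-9A-Za-z alphabet")
    return problems

if __name__ == "__main__":
    # The two lines quoted in the post above.
    for cfg in (
        "username testuser privilege 15 secret 5 $1$ib3A$7kMdMHRHcpP/2BhqUksMz.",
        "username testuser privilege 15 secret 9 $9$KhBIjStDECnUe.$yaknNzfesYjLPP35S5pSQ51u0Zq9DqAd7FRwux9HiO6",
    ):
        print(check_secret_line(cfg) or "structure OK")
```

Both strings from the post pass this check, so it rules out copy damage but does not explain why the device rejects them.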

 

2 Replies

Hello,

 

I remotely remember something about having to leave off the '5':

 

username testuser privilege 15 secret $1$ib3A$7kMdMHRHcpP/2BhqUksMz.

 

Can you give that a try?

Unfortunately not, that interprets the value as a plaintext string and hashes it using scrypt (9).