03-28-2017 04:18 AM - edited 03-12-2019 02:08 AM
hi,
my google search failed me and gives me old cisco links.
i'll be creating a standard deployment asa doc but want to hide/hash the password.
i just want the remote tech to use the doc and copy/paste the enable PW, SSH PW, username PW.
so my question is:
if i configure the new PW on the ASA and i know (correct me if i'm wrong) it displays in MD5 in show run,
can i just copy/paste the output on the word doc and it will still be the same PW?
i know i tried this on a router but haven't tried yet on the ASA. have to lab this yet tomorrow but want to get quick answers now
03-28-2017 05:45 AM
Yes - you can copy the config line like:
username john password hashedstring encrypted privilege 15
...between ASAs if you have entered it plaintext once and then retrieved the hashed value from the running-config. The username will work with the original plaintext password.
Note - I'm not positive about ASA 9.7. They changed the password hashing to use a new method called PBKDF2 vs. the old MD5. PBKDF2 uses a cryptographic salt (unlike MD5).
https://en.wikipedia.org/wiki/PBKDF2
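Added example, not part of the original posts and not Cisco code: a generic Python sketch of why a salted PBKDF2 value can still be copied between systems when the salt is stored inside the copied string, while two records for the same password no longer look alike. The record layout `$demo-pbkdf2$...`, the iteration count and the function names are assumptions made for the demo; this is not the ASA's storage format, and the page does not say how ASA 9.7 encodes its hashes.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 5000  # assumed value for the demo, not taken from any ASA release


def unsalted_md5(password):
    """Unsalted digest: the same password always yields the same string."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password, salt=None):
    """Build a self-describing record: scheme, iterations, salt, derived key."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$demo-pbkdf2$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify(record, candidate):
    """Re-derive the key using the salt and iterations carried in the record."""
    _, scheme, iters, salt_b64, dk_b64 = record.split("$")
    if scheme != "demo-pbkdf2":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, int(iters))
    return hmac.compare_digest(dk, expected)  # constant-time comparison


if __name__ == "__main__":
    pw = "Constructed-Sample-Pw1"  # constructed sample value
    print("md5 twice :", unsalted_md5(pw), unsalted_md5(pw))
    first, second = make_record(pw), make_record(pw)
    print("pbkdf2 #1 :", first)
    print("pbkdf2 #2 :", second)  # differs from #1 because the salt differs
    # "Copying" a record is just moving the string; it verifies anywhere
    # the same scheme is implemented, because the salt travels with it.
    print("copied record verifies:", verify(first, pw))
    print("wrong password verifies:", verify(first, "not-the-password"))
```

A record that omitted the salt could not be verified on another system, so the portability of a copied hash depends on the salt being part of what is copied.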
03-28-2017 07:42 PM
hi marvin,
i've confirmed using my lab the copy/paste worked!
the latest image we've installed is 9.4 so we're not running 9.7 yet.