Solved: how to setup a local login but with encrypted password MD5

TECH-JEFF · ‎03-17-2015

Hi,

I can setup an unencrypted password but how do you create an encrypted one?

Thanks
Jeff

Jefferson Co

Adeolu Owokade · ‎03-18-2015

Hi Jeff,

Use "secret" instead of "password". For example, instead of using something like "username example password Cisco", use "username example secret Cisco". That way, your secret is hashed with MD5.

You may also want to consider using an external AAA server for authentication.

View solution in original post

Adeolu Owokade · ‎03-19-2015

Hi Jeff,

You don't need to use an online creator; just type the secret (in unencrypted form) and the Cisco IOS will hash it for you in the running config.

Here's a simple example. Notice that the secret has been hashed in the running config (highlighted in red):

R1(config)#int fa0/0
R1(config-if)#ip addr 192.168.56.10 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#username testuser secret testpassword
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#
R1(config-line)#do show run | include username
username testuser secret 5 $1$92Sm$E7rP2PCZZvibvxPnVMuDH1

Now when I telnet to this router, I get the user access verification and I enter the username as "testuser" and the password as "testpassword" (not displayed)

User Access Verification

Username:
Username: testuser
Password:
R1>

View solution in original post

Adeolu Owokade · ‎03-18-2015

Please provide more information like what device you are using and what kind of password you want to configure.

TECH-JEFF · ‎03-18-2015

I would like to ensure all Cisco devices like routers and switches to have a centralized password. Some samples of models are Cisco Router 1900 and Cisco POE Switches 2960-X. I can set a local login for SSH or Console but unencrypted(plain text). For security, instead of unencrypted, I would like it to be encrypted like MD5 hash something like that

Thanks

Jeff

Jefferson Co

Adeolu Owokade · ‎03-18-2015

Hi Jeff,

Use "secret" instead of "password". For example, instead of using something like "username example password Cisco", use "username example secret Cisco". That way, your secret is hashed with MD5.

You may also want to consider using an external AAA server for authentication.

TECH-JEFF · ‎03-19-2015

Is ti advisable to use an online MD5 creator in creating the MD5 hash in the cisco secret command? I tried the secret command and it accepted but when I tried to test by logging in, it didnt accept.

Thanks

Jeff

Jefferson Co

Adeolu Owokade · ‎03-19-2015

Hi Jeff,

You don't need to use an online creator; just type the secret (in unencrypted form) and the Cisco IOS will hash it for you in the running config.

Here's a simple example. Notice that the secret has been hashed in the running config (highlighted in red):

R1(config)#int fa0/0
R1(config-if)#ip addr 192.168.56.10 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#username testuser secret testpassword
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#
R1(config-line)#do show run | include username
username testuser secret 5 $1$92Sm$E7rP2PCZZvibvxPnVMuDH1

Now when I telnet to this router, I get the user access verification and I enter the username as "testuser" and the password as "testpassword" (not displayed)

User Access Verification

Username:
Username: testuser
Password:
R1>

TECH-JEFF · ‎03-19-2015

wow! thanks Adeolu, really appreciate teaching a newbie like me! Thanks Thanks! Dont worry will be taking my Cisco class in a few weeks from now.

Jeff

Jefferson Co

Adeolu Owokade · ‎03-19-2015

No worries man. You are welcome and success in that Cisco class.