08-02-2014 12:41 AM - edited 02-21-2020 05:15 AM
I am running IOS 15.2(4) on a 1921 Router
What is the best way to configure the password for the router? I have already tried once and managed to lock myself out of another switch. I would like to use the most secure method which encrypts the password.
Current Config:
username admin privilege 15 password 0 cisco123
08-02-2014 02:16 AM
Hi Kevin,
Use the keyword secret instead of password to have a more secure, encrypted password.
The syntax which you use will display the password in clear text.
R1(config)#username test privilege 15 password 0 test
R1(config)#exi
R1#sh runn
*Mar 1 00:00:25.523: %SYS-5-CONFIG_I: Configured from console by console
R1#sh runn | in test
username test privilege 15 password 0 test
R1#
If you use the secret keyword then it will get encrypted.
R1#sh runn | in test1
username test1 privilege 15 secret 5 $1$PV6g$sGMYxxmW8hD9Cdy7TsmHF0
R1#
Regards
Karthik
08-04-2014 01:01 AM
Thanks for the help Karthik
What would be the best way to change my password?
Should I create a second username and password first and then delete the first one?
08-04-2014 01:42 AM
Hi Kevin,
You can give the password change with the same username... it will overwrite it...
say your present password is like this
username test1 privilege 15 secret 5 $1$PV6g$sGMYxxmW8hD9Cdy7TsmHF0 (encrypted one)
conf t
username test1 privilege 15 secret <new password>
It will get automatically overwritten with the updated new password.
Regards
Karthik
08-05-2014 12:14 AM
Cisco IOS will not let me use a type 5 password. This is the error message I receive:
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
I tried generating an MD5 hash and inputting that in and that did not work either. When I do not specify type 5 it will default to using an encrypted type 4 password.
Also, what is the difference between these two enable secret commands?
enable secret 5 password
username admin privilege 15 secret 5 password
08-05-2014 12:17 AM
Hi Kevin,
enable secret <new password>
username admin privilege 15 secret <new password>
You need to omit the 5 during the password change; it will appear in sh runn after the encryption.
Regards
Karthik
08-05-2014 12:44 AM
Hi Kevin,
Also enable this command in your box.
service password-encryption
So that even if you use the password keyword it will still encrypt, but it will be encrypted with method 7, which can easily be cracked using many online tools.
Regards
Karthik
08-06-2014 12:00 AM
When I omit the 5 it encrypts with level 4. Is there a way to change the default setting to level 5?
08-06-2014 12:32 AM
Hi Kevin,
No need to worry about encryption type 4 or 5.... both are secured....
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router#(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  4      Specifies an SHA256 ENCRYPTED secret will follow
  5      Specifies a MD5 ENCRYPTED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password
I can say encryption type 4 is more secure, because encryption type 5 (MD5) is getting deprecated.
If you still want to do that... then you need to do like this
enable secret 5 <MD5 Encrypted Password>
username admin secret 5 <MD5 Encrypted Password>
You need to generate it from an MD5-capable device (old IOS routers) or through an online tool.
But you can leave it at type 4, which is more secure.
Regards
Karthik
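Added example, not part of the thread and not Cisco tooling: a Python audit of saved configuration text that reports which storage type (0, 4, 5 or 7, the ones discussed above) each username and enable credential uses, without copying the secret itself. The ratings are this example's own; the type 4 rating reflects Cisco's deprecation of type 4 as an unsalted, single-iteration SHA-256, and the sample configuration is constructed.

```python
import re

# Ratings are this example's own, for the storage types seen in the thread.
RATINGS = {
    "0": ("fail", "stored in cleartext"),
    "7": ("fail", "reversible obfuscation from service password-encryption"),
    "4": ("warn", "unsalted single-iteration SHA-256, deprecated by Cisco"),
    "5": ("ok", "salted, iterated MD5-crypt hash"),
}

# Matches "username <name> ... password|secret [type] <value>" and
# "enable password|secret [type] <value>" lines.
LINE_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+).*?\s|enable\s+)"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)"
)

def audit(config_text):
    """Return one finding per credential line; the secret is never copied."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        stype = m["type"] or "0"  # no type digit: the literal follows
        rating, note = RATINGS.get(stype, ("review", "type not rated here"))
        findings.append({
            "line": lineno,
            "subject": m["user"] or "enable",
            "keyword": m["kw"],
            "type": stype,
            "rating": rating,
            "note": note,
        })
    return findings

# Constructed sample; lines 1 and 2 reuse values shown in the thread.
SAMPLE = """\
username admin privilege 15 password 0 cisco123
username test1 privilege 15 secret 5 $1$PV6g$sGMYxxmW8hD9Cdy7TsmHF0
enable secret 4 CONSTRUCTED.TYPE4.PLACEHOLDER
username ops privilege 1 password 7 CONSTRUCTED7PLACEHOLDER
enable password lab
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['subject']} {f['keyword']} "
              f"type {f['type']} -> {f['rating']} ({f['note']})")
```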