Showing results for 
Search instead for 
Did you mean: 

Use of "!" in device password credentials

I'm trying to connect a device with a password that contains an exclamation point (ex: ABCDEF!).  I know there is some kind of escape character needed to get this into the device configuration but I can't find it in any of the documentation.  Any advice or help on how to get such a password string into the umap for a user / PW combination?


Accepted Solutions

You can try either of:default-map remote-password "test!"ordefault-map remote-password test\!

View solution in original post


Best thing would be to change the password to soemthing else (see: What are invalid characters for a password in a Cisco router or firewall? - Network Engineering Stack Exchange).

If you want to enter a ? as e.g. an enable secret on the device directly you would use Ctrl-Vthen ?. You are talking about entering it into umap from the NSO CLI, right (e.g. devices authgroups group iosdevs umap admin same-pass same-user remote-secondary-password myenablepassword)?

Not sure how that would work.

Can you maybe create yourself an NSO User (think that can even be done from WebUI, not sure though as I cannot check here currently), give him the password with ! and then use "same-pass [yourdevusername]" similar to the way I wrote above?

Hope this helps a little.

just verified that it is possible to create a user from NSO webUI.

  1. log on to web UI as admin
  2. click on menu button at the top left corner of the web UI (the white circle with 3 black horizontal lines)
  3. from "Modules", uncollaps "tailf-aaa" and click "aaa"
  4. in the now open "authentication" tab under "User management" click on "users"
  5. click + sign
  6. enter username (use same username as on the device for convenience)
  7. in the now opening "user" tab set imaginary (or in your case better: meaningful!) values for uid(I used 12345), gid (I used 1234), ssh_keydir(I used /), homedir (I used /home/testuser) and enter e.g. ABCDEF! as password.
  8. Log off from webUI and try logging on as your newly created user with the "!-password", should work.

From NSO CLI you can now add this user to the appropriate authgroup e.g. devices authgroups group iosdevs umap [yournewlycreatedusergoeshere] same-pass remote-secondary-password myenablepassword.

The above assumes you have an authgroup for e.g. the IOS devices (group iosdevs).

remote-secondary-password myenablepassword only needs to be set if you have that active/configured on the device.

Details regarding users/usergroups can be found in the NSO admin guide I think.

When you now logon to the device from NSO the password with the ! should be  passed on correctly I believe. But as mentioned in my initial post: Best to leave out "weird characters", especially ?. Stick with alphanumeric (in upper and lowercase) and gain slightly more entropy by using a few characters more in the password (that will roughly make up for not using chars such as ! or ?).

Btw...have you tried setting the password incl. ! for the user from NSO CLI. I think it might work!? ! should not be a "functional" key in the NSO cli.

Following up on Ron's thread.   The IOS devices have an enable password and it also contains an "!".   The password is the standard and used on all managed devices in the environment (isolated POC/demo lab).   I ran into this previously and discovered the escape character but a new install of NSO wiped out the cdb and I don't recall what it was.

Yes, I'm using the NSO CLI for this.

sorry...have to pass on the actual escape character used...can only offer the workaround already provided above.

Once you have it sorted though you could implement yourself a service to change the password on all devices in your lab in one go (and you could even restrict people from ever using "weird" characters when using the NSO service)...that is (some of) the beauty of NSO.

Can you try to set the password using double-quote?


devices authgroups group adminx

default-map remote-name   admin

default-map remote-password “ABCDEF!”


Using cisco-ios NED and CSR1kv, I see the same and solved with this.

I think it depends on what NED to use though.

You can try either of:default-map remote-password "test!"ordefault-map remote-password test\!

Yes, both "...! " and ...\! work.  Thanks!

Hi Guys,


I need to change an admin account password on NSO, does anybody knows how to do that !

admin@ncs% set aaa authentication users user <username> password <new_pw>

after entering configure.. there are three options


admin@ncs> configure ?
Possible completions:
exclusive no-confirm private


which one should i select?

For NSO Cisco CLI:

Usually ‘terminal’ which is the default:

admin@ncs# config
Entering configuration mode terminal
admin@ncs(config)# aaa authentication users user admin password admin
admin@ncs(config-user-admin)# exit
admin@ncs(config)# commit
Commit complete.

How can i create an account on NCS and Linux hosting ncs? i want to replicate an existing account