I'm trying to connect a device with a password that contains an exclamation point (ex: ABCDEF!). I know there is some kind of escape character needed to get this into the device configuration but I can't find it in any of the documentation. Any advice or help on how to get such a password string into the umap for a user / PW combination?
Solved! Go to Solution.
Best thing would be to change the password to soemthing else (see: What are invalid characters for a password in a Cisco router or firewall? - Network Engineering Stack Exchange).
If you want to enter a ? as e.g. an enable secret on the device directly you would use
?. You are talking about entering it into umap from the NSO CLI, right (e.g. devices authgroups group iosdevs umap admin same-pass same-user remote-secondary-password myenablepassword)?
Not sure how that would work.
Can you maybe create yourself an NSO User (think that can even be done from WebUI, not sure though as I cannot check here currently), give him the password with ! and then use "same-pass [yourdevusername]" similar to the way I wrote above?
Hope this helps a little.
just verified that it is possible to create a user from NSO webUI.
From NSO CLI you can now add this user to the appropriate authgroup e.g. devices authgroups group iosdevs umap [yournewlycreatedusergoeshere] same-pass remote-secondary-password myenablepassword.
The above assumes you have an authgroup for e.g. the IOS devices (group iosdevs).
remote-secondary-password myenablepassword only needs to be set if you have that active/configured on the device.
Details regarding users/usergroups can be found in the NSO admin guide I think.
When you now logon to the device from NSO the password with the ! should be passed on correctly I believe. But as mentioned in my initial post: Best to leave out "weird characters", especially ?. Stick with alphanumeric (in upper and lowercase) and gain slightly more entropy by using a few characters more in the password (that will roughly make up for not using chars such as ! or ?).
Btw...have you tried setting the password incl. ! for the user from NSO CLI. I think it might work!? ! should not be a "functional" key in the NSO cli.
Following up on Ron's thread. The IOS devices have an enable password and it also contains an "!". The password is the standard and used on all managed devices in the environment (isolated POC/demo lab). I ran into this previously and discovered the escape character but a new install of NSO wiped out the cdb and I don't recall what it was.
sorry...have to pass on the actual escape character used...can only offer the workaround already provided above.
Once you have it sorted though you could implement yourself a service to change the password on all devices in your lab in one go (and you could even restrict people from ever using "weird" characters when using the NSO service)...that is (some of) the beauty of NSO.
Can you try to set the password using double-quote?
devices authgroups group adminx
default-map remote-name admin
default-map remote-password “ABCDEF!”
Using cisco-ios NED and CSR1kv, I see the same and solved with this.
I think it depends on what NED to use though.
after entering configure.. there are three options
admin@ncs> configure ?
exclusive no-confirm private
which one should i select?