Encrypt Username?

pduleski
Level 1

Is there a way to encrypt the usernames below locally???

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname XXXXXX

!

logging console warnings

no logging monitor

aaa new-model

enable secret 5 <removed>

!

username aaa password 7 <removed>

username ppp password 7 <removed>

username jjj password 7 <removed>

4 Replies

jmia
Level 7

Peter,

The answer to your question is yes, you can encrypt usernames -

First, enable password encryption to “hide” the clear-text passwords in the configuration.

> service password-encryption

Now define the password,

i.e. username admin password admin1

So now admin’s password is admin1, and when displayed in the router’s configuration, you’ll see the passwords in their encrypted form:

Username admin password 7 045673A0CBX1

The only drawback to this is that it’s not manageable, for instance if you need to work with more than a few users and one or two routers.

The better solution to this is to make a central authentication repository using an authentication protocol, and configure the router to use the authentication server. There are several different protocols that you can use, but the most popular are XTACACS, RADIUS, and TACACS+. TACACS+ uses the AAA protocol and is supported by the CiscoSecure product.

Hope this helps and let me know how you get on.

Regards – Jay.

This will encrypt the password, not the username.

gfullage
Cisco Employee

To answer your original question, no, there is no way to encrypt the username in a router config. Also, keep in mind that encrypting the passwords using level 7 is *very* insecure also and they can be easily unencrypted in about half a second.

You're better off storing all these on a separate authentication server. If you have Win2K server then it comes with a free Radius server that you can use.

bfl1
Level 1

If someone can get ahold of your level 7 encrypted password, they can use BOSON's getpass to unencrypt it... I also suggest using RADIUS.
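Added example, not part of any reply in this thread: a small Python audit that scans a saved IOS configuration for local credentials stored as type 7 or clear text, the storage the replies above call insecure. The function name `audit_ios_credentials` and the sample config (built from the lines quoted in the thread) are assumptions made for illustration.

```python
import re

# Constructed sample, assembled from the config lines quoted in this thread.
SAMPLE_CONFIG = """\
service password-encryption
hostname XXXXXX
aaa new-model
enable secret 5 <removed>
username aaa password 7 <removed>
username ppp password 7 <removed>
username jjj password 7 <removed>
username admin password admin1
"""

# Matches "username <name> ..." and "enable ..." credential lines.
# The numeric encoding type is optional: without it the value is clear text.
CRED_RE = re.compile(
    r"^(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|enable)\s+"
    r"(?P<kind>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>.+)$"
)


def audit_ios_credentials(config_text):
    """Return (line_no, account, storage) for each weakly stored credential."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        m = CRED_RE.match(raw.strip())
        if not m or m.group("kind") != "password":
            continue  # "secret" lines are hashed, not obfuscated; not flagged here
        account = m.group("user") or "enable"
        if m.group("type") == "7":
            storage = "type 7 (reversible)"
        elif m.group("type") in (None, "0"):
            storage = "cleartext"
        else:
            continue  # other encoding types are outside this check
        findings.append((line_no, account, storage))
    return findings


if __name__ == "__main__":
    for line_no, account, storage in audit_ios_credentials(SAMPLE_CONFIG):
        print(f"line {line_no}: {account}: {storage}")
```

Accounts it reports are candidates for moving to the central authentication server the replies recommend.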