Re: Proper use of encrypted command when setting password

cisco501pix · ‎01-03-2006

I currently have my 501 setup without any user name...I only enter a password to enter PDM or Telnet. I now want to configure the 501 with a username but it is a little unclear to me when to use the encrypted option when setting the password via the username command.

I want to continue to use the password I have already set up. I assume that password is currently encrypted since it is stored in the 501. Does that mean when I use the same password in the username command I need to also use the encrypted option? What would happen if I didn't use the encrypted option...would the password then be "doubly encrypted" which would render it unusable or what.

Once I am sure the telnet and http username and password work properly can I just enter additional aaa authentication commands to add that username and password to, for instance,

ssh?

I hope I explained this well enough...I am quite PIX illiterate at this point.

Thanks for your help.

turnbull · ‎01-03-2006

Hi,

The encrypted keyword is only used when you are inputting an already encrypted password. Don't bother with the encrypted keyword. configure your username and password using the same cleartext password as used for telnet etc. if you wish. They are not related as far as the configuration goes and all passwords are encrypted by the pix.

ie.

passwd cisco123

username myname password cisco123 privilege 15

Best option is to setup AAA authentication using the LOCAL keyword which allows the use of the local user database on the pix instead of an external RADIUS or TACACS+ box.

See the following link for further info:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm#wp1077072

Cheers,

Paul.