Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
4
Helpful
1
Replies

Proper use of encrypted command when setting password

cisco501pix
Level 1
Level 1

‎01-03-2006 07:40 PM - edited ‎03-09-2019 01:31 PM

I currently have my 501 setup without any user name...I only enter a password to enter PDM or Telnet. I now want to configure the 501 with a username but it is a little unclear to me when to use the encrypted option when setting the password via the username command.

I want to continue to use the password I have already set up. I assume that password is currently encrypted since it is stored in the 501. Does that mean when I use the same password in the username command I need to also use the encrypted option? What would happen if I didn't use the encrypted option...would the password then be "doubly encrypted" which would render it unusable or what.

Once I am sure the telnet and http username and password work properly can I just enter additional aaa authentication commands to add that username and password to, for instance,

ssh?

I hope I explained this well enough...I am quite PIX illiterate at this point.

Thanks for your help.

Labels:
0 Helpful
1 Reply 1

turnbull
Level 1
Level 1

‎01-03-2006 08:02 PM

Hi,

The encrypted keyword is only used when you are inputting an already encrypted password. Don't bother with the encrypted keyword. configure your username and password using the same cleartext password as used for telnet etc. if you wish. They are not related as far as the configuration goes and all passwords are encrypted by the pix.

ie.

passwd cisco123

username myname password cisco123 privilege 15

Best option is to setup AAA authentication using the LOCAL keyword which allows the use of the local user database on the pix instead of an external RADIUS or TACACS+ box.

See the following link for further info:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm#wp1077072

Cheers,

Paul.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents