03-03-2021 07:57 AM
I'm trying to update the hashing algorithm for both the enable secret and the secret for the username login. Every time I enter my enable secret with either the type 8 or 9, it just doesn't work. I will enter a simple secret like cisco and it won't let me on, either through console or the vty lines. When I delete the type 8/9 secret and just use the normal type 5 secret, my enable secret works and I can get on.
The story is the same for configuring usernames: if I use a type 8/9 as the algorithm type, it won't let me log in with the username and secret I just configured; if I delete that username and add it again but use the type 5 instead, it works and I can log in. I can't find anything about this being a bug, so I'm unsure if I'm configuring it correctly. Does a type 8/9 secret need to be a certain length (as I've only tested it with passwords that are less than 10 characters)?
switch: 2960x-24PS-L
version: 15.2(4r)E3
03-03-2021 08:51 AM
Could you post the exact syntax you are using when you attempt the type 8 or 9 secret?
03-03-2021 12:01 PM
enable algorithm-type scrypt secret cisco
username admin algorithm-type scrypt secret cisco
I'm using the local database so I have the no aaa new-model configured.
03-03-2021 10:07 AM
Hello,
Are you using the configuration as below?
Type 8
2960X(config)#enable algorithm-type sha256 secret cisco
2960X(config)# username admin algorithm-type sha256 secret cisco
Type 9
2960X(config)#ena algorithm-type scrypt secret cisco
2960X(config)# username admin algorithm-type scrypt secret cisco
03-03-2021 12:02 PM
Yes, I'm using all four of those commands. I have the no aaa new-model set, so would this impact this? As I can still log in when I set the username/secret and the enable secret to md5.
03-03-2021 10:46 AM
For now we are not sure what configuration you added with type 8 or type 9; good to know, as @Richard Burts asked.
Also, once you log back in with a normal user, what logs do you see in the switch?
03-03-2021 12:03 PM
I never really checked the logs, tbh. I will check next time when I'm at the switch, and I will also turn debug on so I can monitor from the console.
03-03-2021 11:07 AM
Hello
As a test, increase the privilege level and see if you are able to access the device. Also, can you confirm if you are running AAA?
username xxx privilege 15 algorithm-type scrypt secret xxxxxxx
03-03-2021 12:10 PM
I'm pretty sure I set my privilege level to 15 when I was testing the username and secret, but I will check again when I'm at the switch. Also, I'm using the local login database, so I'm not using any aaa authentication servers; is this required for type 8 and 9 hashing?
03-03-2021 01:49 PM
Hello
No, it isn't, but I was curious as to how you were accessing the switch. By the way, AAA also supports local database authentication; it isn't just used with a centralized ACS.