11-14-2015 03:12 AM - edited 03-08-2019 02:42 AM
I have the following in my config file:
enable password 12345
line con 0
exec-timeout 0 0
line vty 0 4
password 7 12345
login local
length 0
transport input telnet
line vty 5 15
password 7 12345
login local
length 0
transport input telnet
!
The password is 12345, so how do I hide the enable password and the line vty 0 4 and line vty 5 15 passwords?
How do I set up a console password?
11-16-2015 01:06 AM
Proper passwords protect the router from unauthorized access.
Follow these steps to configure console passwords.
Note: Before performing this test, ensure that you have an alternate connection into the router, such as Telnet or dial-in, in case there is a problem logging back in to the router.
Note: Notice that the prompt changes to reflect the current mode.
router#conf t
!--- Enter configuration commands, one per line. End with CNTL/Z.
router(config)#line con 0
router(config-line)#
2. Configure the password, and enable password checking at login.
router(config-line)#password <password>
router(config-line)#login
3. Exit configuration mode.
router(config-line)#end
router#
%SYS-5-CONFIG_I: Configured from console by console
Note: Do not save your configuration changes until your ability to log in has been verified.
4. Verify the configuration. Examine the configuration of the router to make sure that the commands have been properly entered by issuing the show running-config command. To test the configuration, log off the console with the exit command and log in again, using the configured password to access the router.
router#exit
router con0 is now available
Press RETURN to get started.
5. Save your configuration.
router#write memory
Perform these steps to configure Telnet passwords.
Note: Before performing this test, ensure that you have an alternate connection into the router, such as console or dial-in, in case there is a problem logging back in to the router.
Note: Notice that the prompt changes to reflect the current mode.
router#conf t
!--- Enter configuration commands, one per line. End with CNTL/Z.
router(config)#line vty 0 4
router(config-line)#
router(config-line)#password <password>
router(config-line)#login
router(config-line)#end
router#
%SYS-5-CONFIG_I: Configured from console by console
Note: Do not save your configuration changes until your ability to log in has been verified.
router#telnet <ip address>
5. Save your configuration.
router#write memory
Follow these steps to configure Auxiliary (AUX) port passwords.
Note: Before performing this test, ensure that you have an alternate connection into the router, such as console or Telnet, in case there is a problem logging back in to the router.
Note: Notice that the prompt changes to reflect the current mode.
router#conf t
!--- Enter configuration commands, one per line. End with CNTL/Z.
router(config)#line aux 0
router(config-line)#
router(config-line)#password <password>
router(config-line)#login
router(config-line)#end
Note: Do not save your configuration changes until your ability to log in has been verified.
router#
%SYS-5-CONFIG_I: Configured from console by console
router#write memory
11-21-2015 07:14 PM
Then in the running config, my console password is in plain text. I want the console password to be secret. How do I do that?
What's the difference between "line con 0" and "line vty 0 4"?
11-21-2015 07:58 PM
Hello,
Set this command on your router.
Config terminal
service password-encryption
Simply, line con 0 is for connecting to the router by console cable and software such as Windows HyperTerminal.
line vty 0 4 is for connecting to the router by Telnet or SSH.
Hope it helps,
Masoud
12-08-2015 01:38 AM
No, if using service password-encryption, it can still be cracked if I have access to the running config. I want a secret console password. How do I do that?
12-08-2015 04:09 AM
Hi. This is what I would do.
Use AAA and the local database to authenticate the console access.
aaa new-model
aaa authentication login default local
When you add the local username and password, do it with secret, not password, e.g.
username <user> privilege 15 secret <password>
This will give you the protection of hiding the passwords.
12-08-2015 04:16 AM
Sorry. I forgot this config :-)
line con 0
login authentication default
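An added example, not part of any reply in this thread: a small Python audit that scans a saved running-config for the credential settings discussed above (enable password, line passwords stored as plain text or reversible type 7, username ... password, and Telnet on the lines). The sample configuration is constructed, modelled on the original post, and the function name `audit_ios_config` is hypothetical. It assumes sub-commands are indented by one space, as `show running-config` prints them.

```python
import re

# Constructed sample, modelled on the configuration in the original post.
SAMPLE_CONFIG = """\
enable password 12345
username admin privilege 15 secret 5 $1$constructed$hash
line con 0
 exec-timeout 0 0
line vty 0 4
 password 7 12345
 login local
 transport input telnet
line vty 5 15
 password 7 12345
 login local
 transport input telnet
!
"""

def audit_ios_config(text):
    """Return (context, finding) tuples for weak credential settings."""
    findings = []
    context = "global"
    has_enable_secret = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # Top-level command: remember which line block we are in, if any.
            context = line if line.startswith("line ") else "global"
        if re.match(r"enable secret\b", line):
            has_enable_secret = True
        elif re.match(r"enable password\b", line):
            findings.append((context, "enable password: use 'enable secret'"))
        elif re.match(r"username \S+ .*\bpassword\b", line):
            findings.append((context, "username uses 'password': use 'secret'"))
        elif m := re.match(r"password (?:(\d) )?\S+", line):
            kind = "type 7 (reversible)" if m.group(1) == "7" else "plain text"
            findings.append((context, f"line password stored as {kind}"))
        elif re.match(r"transport input\b.*\b(telnet|all)\b", line):
            findings.append((context, "Telnet allowed: login is sent in clear"))
    if not has_enable_secret:
        findings.append(("global", "no 'enable secret' configured"))
    return findings

if __name__ == "__main__":
    for ctx, msg in audit_ios_config(SAMPLE_CONFIG):
        print(f"{ctx}: {msg}")
```

A configuration that uses `enable secret`, `username ... secret`, `login authentication default` on the lines and `transport input ssh` produces no findings.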
11-16-2015 01:07 AM
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#enable password falcons
R1(config)#line con 0
R1(config-line)#password falcons
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password falcons
R1(config-line)#^Z
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#copy running-config startup-config
Building configuration...
[OK]
R1#
11-22-2015 02:30 PM
As I read the original post it seems to me that the essential question is how to hide the passwords. I agree with Masoud that the real answer here is service password-encryption.
I would like to point out one other aspect of the original post. In the original post it has this
password 7 12345
and tells us that the password is 12345. That is not correct. The "7" in that line tells the router that the password is encrypted and what shows in the config is the cryptographic representation of the password and not the password itself. So 12345 is the crypto text representing the password and not the password itself.
HTH
Rick