Nexus 9000 - Adding User with Encrypted Password

mbrown-revitycu
Level 1

We have a pair of Nexus 9000 switches in use, and we've managed to lose the password for the generic admin user.

We still have a couple of us with personal logins, so we still have access.

However, what I can't recall from initial setup or find any useful information on is how to add a new user with an encrypted password.

The command would be, if I have it right:

Router# username NEWADMIN password 5 (HASH VALUE GOES HERE)

But what am I using to generate that hash? Shame me for having to ask, I guess, or if I've put this in the wrong board, but I recall it not being that complicated; I just can't find anything that indicates that.

Thanks!

Accepted Solutions

Hello,

Please see this document:

https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/103x/configuration/security/cisco-nexus-9000-nx-os-security-configuration-guide-103x/m-configuring-user-accounts-and-rbac.html

Under the section "Configuring User Accounts" you can see it's a SHA256 hashing algorithm, specifically:

SHA256 is the hashing algorithm used for password encryption. As a part of the encryption, a 5000 iteration of 64-bit SALT is added to the password.

SHA256 is the default hashing algorithm used for password encryption. To generate a hash for type 8 and type 9 password, you must provide PBKDF2/SCRYPT option along with clear text password.

You should just be able to create a password in clear text and the device will automatically hash it for you with Option 0 as NX-OS by default encrypts plaintext passwords.

Hope this helps

-David

zika56fery
Community Member

Cisco's type 5 passwords use an MD5-based hashing algorithm with a salt. This means that even if you enter the same cleartext password multiple times, the resulting hash will be different each time because a random salt is used.

mbrown-revitycu
Level 1

Thank you for this! I knew it was simple, but that auto-encrypt bit was what I couldn't pin down.

New user is all set up and ready to go.