Showing results for 
Search instead for 
Did you mean: 

Not possible anymore to copy/paste a preencrypted (Type 9) user/secret

Hi guys,

i´m a bit confused, what worked like a charm for many many years seems not to work for me anymore, actually the first time.

I put in a username/secret like follows:

username blabla privilege 15 secret <Cleartextpassword>

Afterwards i take the line from the running config

username blabla privilege 15 secret 9 fsfsfunnyhashedpasswordnln3452

and try to copy it to another routers config, which always worked for me.

Today: I end up in a line 

% Incomplete command.

Or, when i use to generate that line which i want to copy using

username blabla privilege 15 algorithm-type scrypt secret <Cleartextpassword>

after pasting (the encrypted config line) to another router with THAT message:

ERROR: The secret you entered is not a valid encrypted secret.

To enter an UNENCRYPTED secret, do not specify type 9 encryption.

When you properly enter an UNENCRYPTED secret, it will be encrypted.


I´m aware of the concept of hashes and salts, but should it really be not possible anymore to generate such user/secret-lines on one Cisco box next to you for the colleagues and paste these handful of lines to other Cisco-devices? We cannot have an AAA-server for this purpose, some of these customers don´t even have more than a PC behind the routers. So, simply a local personalized login for us staff is the weapon of choice.

Does anybody know a workaround for this problem?


I tried on various switches with 15.x and Cisco-routers ISR4k with IOS-XE 16.x and 17.x ...everywhere the same game.

Thanks in advance for any input!

Kind regards,


4 Replies 4

Cisco Employee
Cisco Employee

I suggest moving your question to a IOS switch or router forum, not ISE, since this is clearly an IOS CLI-specific question.

Many thanks, Thomas, my fault when creating that post in sort of a hurry

Flavio Miranda
VIP Mentor VIP Mentor
VIP Mentor


 There are many similar posts here. It seems Cisco change some security policy related to it. And if we think it through, it make sense. Be able to replicate a password between device is a security risk. 

I agree to you and completely understand that concern, but not being able to simply copy and paste a preencrypted/hashed line with a secret is also not too helpful in certain cases.

Just think about it, i would have to let a certain colleague whcih should help us in monitoring, troubleshooting, or simply a new teammember which needs access on a device locally (without sing AAA, radius or whatever, because sometimes routers and switches are deployed in a very small environment) on all the devices PER device.

This is a bit overcomplicated, instead of having a set of config lines as a (let´s say) default when configuring a new device or simply add it via script runs with ansible.

So, i am still searching a solution for this.

Not sure if it will do the trick, didn´t try jet, but maybe i do the same on a old device (md5) and while pasting it on a new device it gets automatically "leveled up" as type 9

Let´s see

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers