after pasting (the encrypted config line) to another router with THAT message:
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 9 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
I'm aware of the concept of hashes and salts, but should it really not be possible anymore to generate such user/secret lines on one Cisco box next to you for the colleagues and paste these handful of lines to other Cisco devices? We cannot have an AAA server for this purpose, some of these customers don't even have more than a PC behind the routers. So, simply a local personalized login for us staff is the weapon of choice.
Does anybody know a workaround for this problem?
I tried on various switches with 15.x and Cisco-routers ISR4k with IOS-XE 16.x and 17.x ...everywhere the same game.
There are many similar posts here. It seems Cisco changed some security policy related to it. And if we think it through, it makes sense. Being able to replicate a password between devices is a security risk.
I agree with you and completely understand that concern, but not being able to simply copy and paste a pre-encrypted/hashed line with a secret is also not too helpful in certain cases.
Just think about it, I would have to let a certain colleague who should help us in monitoring, troubleshooting, or simply a new team member who needs access on a device locally (without using AAA, RADIUS or whatever, because sometimes routers and switches are deployed in a very small environment) on all the devices PER device.
This is a bit overcomplicated, instead of having a set of config lines as a (let's say) default when configuring a new device or simply adding it via script runs with Ansible.
So, I am still searching for a solution for this.
Not sure if it will do the trick, didn't try yet, but maybe I do the same on an old device (md5) and while pasting it on a new device it gets automatically "leveled up" as type 9