
SSH

jonk34567
Level 4

Image is attached below. What is meant by 7? Is it a part of the password?


Accepted Solutions

Deepak Kumar
VIP Alumni

Hi,

Almost all passwords and other authentication strings in Cisco IOS configuration files are encrypted using the weak, reversible scheme used for user passwords.

 

To determine which scheme has been used to encrypt a specific password, check the digit preceding the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted using the weak algorithm. If the digit is a 5, the password has been hashed using the stronger MD5 algorithm.

For example, in the configuration command:

 

enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.


The enable secret has been hashed with MD5, whereas in the command:

 

username jdoe password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D


The password has been encrypted using the weak reversible algorithm.

 

More information: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/107614-64.html

 

Regards,

Deepak Kumar

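An added example (not part of the original post, and not Cisco code): a Python audit that reads the type digit described in the answer above and reports which credential lines in a configuration are stored in a recoverable form. The name `audit_config`, the sample configuration and the string-layout checks are assumptions made for illustration.

```python
import re

# Type digits discussed in this thread: (label, stored value is recoverable).
TYPES = {
    "0": ("cleartext", True),
    "7": ("weak reversible encoding", True),
    "5": ("MD5 hash", False),
}
# Assumed string layouts, used to check that the digit and the string agree.
SHAPES = {
    "7": re.compile(r"\d{2}(?:[0-9A-Fa-f]{2})+"),           # 2 decimal digits + hex pairs
    "5": re.compile(r"\$1\$[^$]{1,8}\$[./0-9A-Za-z]{22}"),  # MD5-crypt: $1$salt$hash
}
CRED = re.compile(
    r"^\s*(?P<ctx>.*?\b(?:password|secret))\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

def audit_config(text):
    """Return (line_no, context, type_digit, recoverable, well_formed) per credential line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = CRED.match(line)
        if not m:
            continue
        digit = m.group("type") or "0"   # no digit: the value was entered as cleartext
        recoverable = TYPES.get(digit, (None, None))[1]   # None: type not covered here
        shape = SHAPES.get(digit)
        well_formed = shape is None or bool(shape.fullmatch(m.group("value")))
        findings.append((line_no, m.group("ctx"), digit, recoverable, well_formed))
    return findings

# Constructed sample, built from the configuration lines quoted in this thread.
SAMPLE = """\
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.
username jdoe password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D
line vty 0 4
 exec-timeout 0 0
 password 7 13061E010803
 login local
 transport input telnet ssh
line con 0
 password 0 cisco
"""

if __name__ == "__main__":
    for line_no, ctx, digit, recoverable, well_formed in audit_config(SAMPLE):
        label = TYPES.get(digit, ("not covered here",))[0]
        status = "ok" if recoverable is False and well_formed else "FLAG"
        print(f"{status:4} line {line_no}: {ctx} -> type {digit} ({label})")
```

A line whose digit and string layout disagree (for example a type 7 marker followed by something that is not hex) is reported with `well_formed` set to false so it can be reviewed by hand.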

6 Replies

marce1000
Hall of Fame

 

 - It means the specified password is the encrypted version of it; use 0 if you want to specify a plain password.

M.




HQ(config-line)#password ?
0 Specifies an UNENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) line password

 

HQ(config-line)#password 0 ?
LINE The UNENCRYPTED (cleartext) line password

 

HQ(config-line)#password 0 cisco

HQ#show run | begin line vty
line vty 0 4
exec-timeout 0 0
password 7 13061E010803
login local
transport input telnet ssh

 

I ran this on my router.

 

Mike

For study purposes this is fine, but I would never use this command in a live environment because it is very insecure and very easily decrypted right online.

 

Mike

Laugh, indeed as "7 13061E010803" equals "cisco".

ummmmm, I don't recall the facts pertaining to the matter in question, I says to the security auditor.

 

Mike
