Unable to enter new users in Nexus 5K

Hey All,

Interestingly enough I've seen about 3-4 posts with the exact same problem and yet not a single one is ever answered..

The task is simple:

"username USER password 5 SOMEPASS role network-admin"

It consistently outputs: "String failed to match token pattern at '^' marker." - always the caret is at the first character in whatever password I input. I've ensured passwords I input meet the conditions of "password strength-check" and I have also disabled this feature and repeated with numerous passwords to no effect.

Thanks in advance for any insight into this most pesky issue and for aiding me in my NX-OS journey!

Kindest Regards,

ALAN

Highlighted
Participant

If you use password "5" you need to enter the correct MD5 password hash, while you seem to use a clear text password.

Try

username USER password PASSWORD role network-admin
Highlighted

Doesn't "0" have to follow "password" to signify a clear text password will follow?

username UID password 0 PASSWORD role network-admin

Highlighted

> Doesn't "0" have to follow "password" to signify a clear text password will follow?

Actually no. The switch assumes a clear text password if no number is given at all.

Highlighted

Good to know. I have never tried it. One character less to type is always a good thing. Thanks!

Highlighted

Hmm interesting.  When I look at the required field after the 'password 5' it shows as a 'WORD' type.. so I figured this would more strongly encrypt the password that I input.. Can you give an example of using 'password 5'?  Given that example how does one enter the password assuming they use the 'password 5' route? 

Finally - is the 'password 5' method more secure or just another method of user account authentication?

Looking forward to your responses, and pending them will award answers and ratings!

Kindest Regards,

Alan

Highlighted

Contrary to older IOS switches, NX-OS does not use plain text passwords in the config anymore. Once you enter a password, it is immediately hashed and only the hash is stored in the running config:

username USER password Passw0rd!

show run | inc username

username USER password 5 $1$Eih6SrvJ$D.2H2X/YtEYQMj8Ucy3f41  role network-operator


Now imagine you want to copy this config file to a different switch, including the login credentials. In this case you copy the above line including the "5", and the other switch now understands that "$1$Ei..." is a hash value and not a clear text password. Theoretically you wouldn't even need to know the password to copy it to another switch.

There is no more or less security involved either way.
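
A pre-paste check for the mistake discussed in this thread, as an added example that is not part of the original posts or of any Cisco tooling: it classifies "username ... password" lines by whether the word after "5" has the "$1$salt$digest" MD5-crypt shape seen in the hash above. The function names and the line grammar (only the command forms quoted in the thread) are assumptions, and the sample lines are constructed from the thread's own commands.

```python
import re

# MD5-crypt layout: "$1$" + salt (1-8 chars) + "$" + 22-char digest, all drawn
# from the crypt alphabet ./0-9A-Za-z. Only this $1$ form is checked.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Assumed grammar: just the forms quoted in the thread (optional 0/5, optional role).
USER_LINE = re.compile(
    r"^username\s+(?P<user>\S+)\s+password\s+(?:(?P<type>[05])\s+)?(?P<word>\S+)"
    r"(?:\s+role\s+(?P<role>\S+))?\s*$"
)

def check_line(line):
    """Classify one line: hash, bad-hash, hash-as-cleartext, cleartext, unparsed."""
    m = USER_LINE.match(line.strip())
    if not m:
        return "unparsed"
    looks_hashed = bool(MD5_CRYPT.match(m.group("word")))
    if m.group("type") == "5":
        # "5" announces a hash; a clear text word here is the error in the thread.
        return "hash" if looks_hashed else "bad-hash"
    # No number (or "0") means clear text, so a pasted hash would itself be
    # taken as the password: the "5" was lost while copying the line.
    return "hash-as-cleartext" if looks_hashed else "cleartext"

def lint(config_text):
    """Return (line_number, status) for every username line in a config."""
    return [(n, check_line(l))
            for n, l in enumerate(config_text.splitlines(), 1)
            if l.strip().startswith("username ")]

# Constructed sample config built from the commands quoted in the thread.
SAMPLE = """\
hostname LAB-5K
username USER password 5 SOMEPASS role network-admin
username USER password Passw0rd!
username USER password 5 $1$Eih6SrvJ$D.2H2X/YtEYQMj8Ucy3f41  role network-operator
username UID password 0 PASSWORD role network-admin
username USER password $1$Eih6SrvJ$D.2H2X/YtEYQMj8Ucy3f41 role network-operator
"""

if __name__ == "__main__":
    for lineno, status in lint(SAMPLE):
        print(lineno, status)
```
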


Highlighted

Awesome, thanks for your thorough response - makes a lot of sense seeing it that way. I still like how the 7k handles encryption better, but it's nice that this is there by default now. Closing and adding ratings!

Kindest Regards,

ALAN
