Hi,
1st post here. Yay!
I need to add 10 users to a Netvanta 1335.
The support told me that the password encryption is SHA but when I try to add a user with an encrypted passwd,
there are 4 extra characters with my manually generated password (shasum / sha1sum / diverse websites).
Does anyone know if the router strips it?
I haven't been able to add a user with an encrypted password unless the router generates it, and I don't wanna see my guys' passwords in clear text.
TIA,
-Luc
luc:
Thank you for posting this question in the ADTRAN Support Community. I'm not sure I understand exactly what you are asking. Are you entering an already encrypted password as the password, or are you using the service password-encryption command in AOS to encrypt the passwords?
The service password-encryption command turns on global password protection. When enabled, all currently configured passwords and any new passwords are encrypted with a 128-bit ADTRAN proprietary hash, using a two-way encryption algorithm. Password encryption is applied to all passwords, including passwords for user name, Enable mode, Telnet/console, Point-to-Point Protocol (PPP), Border Gateway Protocol (BGP), and authentication keys. When passwords are encrypted, unauthorized persons cannot view them in configuration files since the encrypted form of the password is displayed in the running-config. While this provides some level of security, the encryption method used with password encryption is not a strong form of encryption so you should take additional network security measures.
Note: 1) You cannot recover a lost encrypted password. You must erase the startup-config and set a new password. 2) Also, if you need to go back to a previous version of code that does not support service password-encryption (e.g., AOS Revision 10), this command must be disabled first. Once the service is disabled, all necessary passwords must be re-entered so that they are in the clear text form. If this is not done properly, you will not be able to log back in to the until after you revert to a previous revision that does not support password encryption. 3) Also, if you want to encrypt only the enable password this can be done with the enable md5 <password> command, but the command no service password-encryption must be in the configuration.
I hope that makes sense, but please do not hesitate to reply to this post with any related questions. I will be happy to help.
Levi
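An added example, not part of the original thread and not ADTRAN tooling: a small Python audit of a saved configuration that reports users whose passwords are stored in clear text, whether service password-encryption is on, and the enable md5 combination that the note above says requires no service password-encryption. The sample config is constructed, and the clear-text line form `username <name> password <text>` and the quoting are assumptions modelled on the commands quoted in the thread.

```python
import re

# Constructed sample config (not from a real unit). Line forms are assumptions
# modelled on the commands quoted in the thread.
SAMPLE_CONFIG = '''\
!
no service password-encryption
enable md5 "constructed-enable-value"
username "alice" password encrypted "constructed-encrypted-value"
username "bob" password "Summer2024"
username carol password encrypted "another-constructed-value"
!
'''

# Group 1: user name, group 2: the "encrypted" keyword if present.
USER_RE = re.compile(r'^username\s+"?([^"\s]+)"?\s+password\s+(encrypted\s+)?(\S.*)$')

def audit_config(text):
    """Return findings about password storage in an AOS-style config."""
    service_on = False
    enable_md5 = False
    cleartext, encrypted = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "service password-encryption":
            service_on = True
        elif line == "no service password-encryption":
            service_on = False
        elif line.startswith("enable md5 "):
            enable_md5 = True
        else:
            m = USER_RE.match(line)
            if m:
                (encrypted if m.group(2) else cleartext).append(m.group(1))
    findings = []
    if not service_on:
        findings.append("service password-encryption is not enabled")
    if service_on and enable_md5:
        # Per the reply: enable md5 needs "no service password-encryption".
        findings.append("enable md5 present while service password-encryption is on")
    for user in cleartext:
        findings.append(f"user {user}: password stored in clear text")
    return {"service_on": service_on, "cleartext": cleartext,
            "encrypted": encrypted, "findings": findings}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG)["findings"]:
        print(finding)
```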
Hi Levi,
thanks for the reply, but that's not exactly it.
I want to be able to push the: username test password encrypted "encrypt_password".
Any sha/sha1 algo I use doesn't match, but I think you answered this question with "ADTRAN proprietary hash, using a two-way encryption algorithm".
Is there a place where I can send my users, they enter their password, then they send me the encrypted one with the good hash so I add them to the config?
I have 4 Netvantas that need to be updated this way.
tia,
-L
luc:
Unfortunately, you will not be able to have them use another program to encrypt the password and send you the encrypted password, because when you enter this information on the ADTRAN, it will simply see the hash as the actual text for the password.
If the goal is for you not to see the users' passwords, then one option to achieve this is to create a "generic" login, such as admin/password, and let the users log in and create their own username and passwords on the unit. As soon as they do this the passwords will be encrypted, as mentioned previously.
Let me know what other questions you have.
Levi
luc:
I have marked this as "assumed answered," but please do not hesitate to reply to this post if you have further questions on this topic.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi