When dealing with a network device replacement project, the config of the existing device is received from the other party, but in general, the password information on the config is set to be encrypted, so the password information is unknown at first glance. It becomes.
This section describes how to decode the encrypted password on the config in such a case.
- A Cisco IOS device is required for decoding.
- As mentioned at the end, the only password that can be decoded is the type 7 password.
- Cisco C891FJ-K9
How to decode the encrypted password
Suppose the following settings have been made.
Router(config)#username hogehoge password piyopiyo
In this case, it is written as follows on the config.
username hogehoge password 7 03145212091F285541
To decode the above encrypted password, first configure the following settings on any Cisco device.
Router(config)#key chain DECODE Router(config-keychain)#key 1 Router(config-keychain-key)#key-string 7 03145212091F285541
key chain "<Key chain name>" key "<Numerical value>" key-string 7 "<Encrypted password>"
After setting, execute the following show command.
show key chain
Router#show key chain Key-chain DECODE: key 1 -- text "piyopiyo" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now]
You can see the decoded password on the following line in the command output.
key 1 -- text "piyopiyo"
The only decodable password is the Cisco type 7 password displayed in 7 XXXX format as shown below.
password 7 xxxxxxx
For example, if you set a password with the
username xxx password xxx command or
enable password command, and then encrypt it with the service password-encryption command, you get a type 7 password.
On the other hand, if you set a password with the
enable secret command, it will be a type 5 password as shown below, and this cannot be decoded.
enable secret 5 $1$9AH9$EDhEy0t.c8dfvAfw0ISZS.