[Cisco] How to decode the encrypted password on the config



When dealing with a network device replacement project, the config of the existing device is received from the other party, but in general, the password information on the config is set to be encrypted, so the password information is unknown at first glance. It becomes.

This section describes how to decode the encrypted password on the config in such a case.

  • A Cisco IOS device is required for decoding.
  • As mentioned at the end, the only password that can be decoded is the type 7 password.

Work environment

  • Cisco C891FJ-K9
    • Version:15.3(3)M5

How to decode the encrypted password

Suppose the following settings have been made.

Router(config)#username hogehoge password piyopiyo

In this case, it is written as follows on the config.

username hogehoge password 7 03145212091F285541

To decode the above encrypted password, first configure the following settings on any Cisco device.

Router(config)#key chain DECODE
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string 7 03145212091F285541
key chain "<Key chain name>"
 key "<Numerical value>"
  key-string 7 "<Encrypted password>"

After setting, execute the following show command.

  • show key chain
Router#show key chain
Key-chain DECODE:
    key 1 -- text "piyopiyo"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

You can see the decoded password on the following line in the command output.

    key 1 -- text "piyopiyo"

Important point

The only decodable password is the Cisco type 7 password displayed in 7 XXXX format as shown below.

password 7 xxxxxxx

For example, if you set a password with the username xxx password xxx command or enable password command, and then encrypt it with the service password-encryption command, you get a type 7 password.

On the other hand, if you set a password with the enable secret command, it will be a type 5 password as shown below, and this cannot be decoded.

enable secret 5 $1$9AH9$EDhEy0t.c8dfvAfw0ISZS.


Copied title and URL