Introduction
In a network device replacement project, you typically receive the config of the existing device from the other party. In general, however, the passwords in that config are stored in encrypted form, so they cannot be read at a glance.
This section describes how to decode the encrypted password on the config in such a case.
- A Cisco IOS device is required for decoding.
- As mentioned at the end, the only password that can be decoded is the type 7 password.
Work environment
- Cisco C891FJ-K9
- Version:15.3(3)M5
How to decode the encrypted password
Suppose the following settings have been made.
Router(config)#username hogehoge password piyopiyo
In this case, it is written as follows on the config.
username hogehoge password 7 03145212091F285541
To decode the above encrypted password, first configure the following settings on any Cisco device.
Router(config)#key chain DECODE
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string 7 03145212091F285541
The general form of these commands is:
key chain "<Key chain name>"
key "<Numerical value>"
key-string 7 "<Encrypted password>"
After setting, execute the following show command.
show key chain
Router#show key chain
Key-chain DECODE:
key 1 -- text "piyopiyo"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
You can see the decoded password on the following line in the command output.
key 1 -- text "piyopiyo"
Important point
The only decodable password is the Cisco type 7 password displayed in 7 XXXX format as shown below.
password 7 xxxxxxx
For example, if you set a password with the username xxx password xxx command or the enable password command, and then encrypt it with the service password-encryption command, you get a type 7 password.
On the other hand, if you set a password with the enable secret command, it will be a type 5 password as shown below, and this cannot be decoded.
enable secret 5 $1$9AH9$EDhEy0t.c8dfvAfw0ISZS.