Setting Basic Password Parameters

This section shows how to set up basic passwords and secrets on your router. You cannot create your own encrypted passwords and secrets. You must use encrypted passwords and secrets that the router generates.

Note: See Setting and Erasing Passwords for additional commands for erasing and monitoring passwords.

Creating Encrypted Passwords

This example encrypts password t1meout1 and creates a password for privilege level 10.

1. Enable and configure the password. The 0 keyword specifies that you are entering an unencrypted password.

   host1(config)#enable password level 10 0 t1meout1

2. Display the encrypted password.

   host1(config)#exit
   host1#show secret
                  Current Password Settings
                  -------------------------
            encryption         encrypted
   level       type         password/secret         mode
   -----   ------------   --------------------   ----------
   0
   1
   2
   3
   4
   5
   6
   7
   8
   9
   10      7 (password)   dq]XG`,%N"SS7d}o)_?Y   configured
   11      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
   12      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
   13      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
   14      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited
   15      7 (password)   dq]XG`,%N"SS7d}o)_?Y   inherited 

You or users with high privilege levels can now use the encrypted password, dq]XG`,%N"SS7d}o)_?Y, with the password command.

Creating Secrets

This example generates a secret for the password rocket, and creates a secret for privilege level 15.

1. Enable and configure the secret. The 0 keyword specifies that you are entering an unencrypted secret.

   host1(config)#enable secret level 15 0 rocket

2. Display the secret.

   host1(config)#exit
   host1#show secret
                 Current Password Settings
                 -------------------------
           encryption        encrypted
   level      type        password/secret         mode
   -----   ----------   --------------------   ----------
   0
   1
   2
   3
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
   15      5 (secret)   bcA";+1aeJD8)/[1ZDP6   configured 

You or users with high privilege levels can now use the encrypted password, bcA";+1aeJD8)/[1ZDP6, with the password command.

Encrypting Passwords in Configuration File

You can also direct the system software to encrypt passwords saved in the configuration file by using the service password-encryption command. This command is useful to keep unauthorized individuals from viewing your password in your configuration file. It is important to remember that this command uses a simple cipher and is not intended to protect against serious analysis. You can tell if a string is encrypted if it is preceded by an 8.

Commands and Guidelines

Use the following commands and guidelines to set passwords or secrets for the privilege levels.

enable password

• Use to set a password, which controls access to Privileged Exec mode and some configuration modes.
• Enter the password in plain text (unencrypted) or cipher text (encrypted). In either case, the system stores the password as encrypted.
• The first time you define a password, you must enter it in plain text. To view its encrypted form, use the show config display. To redefine the password at a later date, you can enter the password in its encrypted form.
• You can use the following keywords:
  • 0 (zero)—Specifies an unencrypted password
  • 7—Specifies an encrypted password
• Example 1 (unencrypted password)

  host1(config)#enable password 0 mypassword

• Example 2 (encrypted password)

  host1(config)#enable password 7 x13_2

• Use the no version to remove the password.
• See enable password.

enable secret

• Use to set a secret, which controls access to the Privileged Exec mode and some configuration modes.
• Enter the secret in plain text (its unencrypted form) or cipher text (its encrypted form). In either case, the system stores the secret as encrypted.
• The first time you define a secret, you must enter it in plain text. To view its encrypted form, use the show config display. To redefine the secret at a later date, you can enter the secret in its encrypted form.
• You can use the following keywords:
  • 0 (zero)—Specifies an unencrypted secret
  • 5—Specifies an encrypted secret
• Example 1 (unencrypted secret)

  host1(config)#enable secret 0 yalta45

• Example 2 (encrypted secret)

  host1(config)#enable secret 5 y13_x

• Use the no version to remove the secret.
• See enable secret.

service password-encryption

• Use to encrypt passwords that are saved in the system’s configuration file. The command converts plain text to cipher text. The default is no encryption.
• Use of this command prevents casual observers from viewing passwords, for example, in data obtained from show config displays. The command is not intended to provide protection from serious analysis.
• This command does not apply to passwords set with enable secret, enable password, or password (Line Configuration mode).
• This command does apply to authentication key passwords and BGP neighbor passwords.
• Example

  host1(config)#service password-encryption

• Use the no version to remove the encryption assignment.
• See service password-encryption.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.