Reset Search
 

 

Article

Login failed for configure account admin encrypt password

« Go Back

Information

 
TitleLogin failed for configure account admin encrypt password
Question
  • Why is it unable to login to the switch after creating an account with keyword "encrypted"
  • What is the benefit of using keyword "encrypted" while creating an account.
  • Why is it recommended to create an account without keyword "encrypted"
Environment
EXOS
Answer
  • When you create an account without keyword "encrypted" EXOS creates a hash for the password.
# create account admin TEST1 12345

# show configuration aaa
create account admin TEST1 encrypted "xIBUUC$j2Z5hxug2o9iSaLxMD.pj/"
 
  • Account created with key "encrypted"  login is failed while attempting to login after exit. when checked in show configuration  it shows in clear text because EXOS simply takes this password as a hashed one and not a clear text. It does not convert it to hashed. EXOS understands it as already a hashed one .entering password as clear text is unsuccesfull.
# create account admin TEST2 encrypted 12345

# show configuration "aaa"
create account admin TEST1 encrypted "xIBUUC$j2Z5hxug2o9iSaLxMD.pj/"
create account admin TEST2 encrypted "12345"
# exit

login: TEST2
password:12345

Login incorrect
  • Creating and account with keyword "encrypted" is a plus point for security reason.
  • when an account is created with no encrypted parameter it can be seen as clear text on a syslog if a switch is configured for one , but if it is created with keyword "encrypted" it is seen as hashed and a user can login with human readable password .
# create account admin TEST3 encrypted xIBUUC$j2Z5hxug2o9iSaLxMD.pj/
# exit

login: TEST3
password:12345

* SW35.1 #

* SW35.1 # show configuration aaa
create account admin TEST1 encrypted "xIBUUC$j2Z5hxug2o9iSaLxMD.pj/"
create account admin TEST2 encrypted "12345"
create account admin TEST3 encrypted "xIBUUC$j2Z5hxug2o9iSaLxMD.pj/"
  • It is recommended to create an account by omitting keyword "encrypted" so that an user is not locked out for next login attempt , it is simply under impression that the password used is hashed with use of keyword "encrypted" where it is encrypted automatically when created without parameter "encrypted".

 
Additional notes
If an user is locked out please follow the below link
How to Recover A Switch And Its Configuration Without The Password

Create account admin 
Name must start with an alphabetical character.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255