https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84616#M4835 <P>While testing this in the lab I've noticed some unique handling of a hashed password when using scripts repository.&nbsp;</P><P>&nbsp;</P><P>Temp password was also created on lab gateway using /sbin/grub-md5-crypt command</P><P>&nbsp;</P><P>While the script is loaded as a one-time script, it looks like this;&nbsp;</P><P><STRONG>clish -c "lock database override"</STRONG></P><P><STRONG>clish -c&nbsp;"set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."</STRONG></P><P>&nbsp;</P><P>After this was completed, I was unable to login. While looking at the output of "show configuration user" one would notice that the hash is not what was passed from the script via SmartConsole Scripts Repository. I've tested this also sending the same password-hash via CLI, in the same format that SmartConsole script would, and it does the same thing.&nbsp;</P><P>&nbsp;</P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c&nbsp;"set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."</STRONG></P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"</STRONG><BR /><STRONG>set user mike password-hash .phv0.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>If I take the same command and use it in the shell, the output is then correct and the password works.&nbsp;</P><P><STRONG>hq-fw-lab-test-01a&gt; set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG><BR /><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"</STRONG><BR /><STRONG>set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>To add, using cprid_util from my provider with the command below, I am able to set the password with no problems.&nbsp;</P><P><STRONG>$CPDIR/bin/cprid_util -server X.X.X.200 -verbose rexec -rcmd /bin/clish -s -c 'set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.'</STRONG></P><P>&nbsp;</P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike pass"</STRONG><BR /><STRONG>set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>Is it possible to use Scripts Repository in SmartConsole to pass a hashed password and reset the admin/expert password or even simply add a new user as it seems that wouldn't work either given the symptoms observed here.&nbsp;</P> Fri, 08 May 2020 19:37:57 GMT Mike_A 2020-05-08T19:37:57Z https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84616#M4835 <P>While testing this in the lab I've noticed some unique handling of a hashed password when using scripts repository.&nbsp;</P><P>&nbsp;</P><P>Temp password was also created on lab gateway using /sbin/grub-md5-crypt command</P><P>&nbsp;</P><P>While the script is loaded as a one-time script, it looks like this;&nbsp;</P><P><STRONG>clish -c "lock database override"</STRONG></P><P><STRONG>clish -c&nbsp;"set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."</STRONG></P><P>&nbsp;</P><P>After this was completed, I was unable to login. While looking at the output of "show configuration user" one would notice that the hash is not what was passed from the script via SmartConsole Scripts Repository. I've tested this also sending the same password-hash via CLI, in the same format that SmartConsole script would, and it does the same thing.&nbsp;</P><P>&nbsp;</P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c&nbsp;"set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."</STRONG></P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"</STRONG><BR /><STRONG>set user mike password-hash .phv0.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>If I take the same command and use it in the shell, the output is then correct and the password works.&nbsp;</P><P><STRONG>hq-fw-lab-test-01a&gt; set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG><BR /><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"</STRONG><BR /><STRONG>set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>To add, using cprid_util from my provider with the command below, I am able to set the password with no problems.&nbsp;</P><P><STRONG>$CPDIR/bin/cprid_util -server X.X.X.200 -verbose rexec -rcmd /bin/clish -s -c 'set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.'</STRONG></P><P>&nbsp;</P><P><STRONG>[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike pass"</STRONG><BR /><STRONG>set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.</STRONG></P><P>&nbsp;</P><P>Is it possible to use Scripts Repository in SmartConsole to pass a hashed password and reset the admin/expert password or even simply add a new user as it seems that wouldn't work either given the symptoms observed here.&nbsp;</P> Fri, 08 May 2020 19:37:57 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84616#M4835 Mike_A 2020-05-08T19:37:57Z https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84775#M4846 The $1$X is being interpolated as a variable.<BR />I think if you use single quotes around the command you send via clish -c, it shouldn't be treated that way. Mon, 11 May 2020 00:03:46 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84775#M4846 PhoneBoy 2020-05-11T00:03:46Z https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84801#M4848 <P>second that</P> Mon, 11 May 2020 07:27:14 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84801#M4848 _Val_ 2020-05-11T07:27:14Z https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84825#M4849 <P>Thanks&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;I thought I had tried that, apparently not. This worked.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 May 2020 11:02:39 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84825#M4849 Mike_A 2020-05-11T11:02:39Z https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84832#M4850 <P>Good to know this is resolved</P> Mon, 11 May 2020 12:59:31 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/Scripts-Repository-Password-Reset/m-p/84832#M4850 _Val_ 2020-05-11T12:59:31Z