Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mike_A
Advisor

Scripts Repository Password Reset

Jump to solution

While testing this in the lab I've noticed some unique handling of a hashed password when using scripts repository. 

 

Temp password was also created on lab gateway using /sbin/grub-md5-crypt command

 

While the script is loaded as a one-time script, it looks like this; 

clish -c "lock database override"

clish -c "set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."

 

After this was completed, I was unable to login. While looking at the output of "show configuration user" one would notice that the hash is not what was passed from the script via SmartConsole Scripts Repository. I've tested this also sending the same password-hash via CLI, in the same format that SmartConsole script would, and it does the same thing. 

 

[Expert@hq-fw-lab-test-01a:0]# clish -c "set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g."

[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"
set user mike password-hash .phv0.yVp72SnMB45g.

 

If I take the same command and use it in the shell, the output is then correct and the password works. 

hq-fw-lab-test-01a> set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.
[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike password-hash"
set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.

 

To add, using cprid_util from my provider with the command below, I am able to set the password with no problems. 

$CPDIR/bin/cprid_util -server X.X.X.200 -verbose rexec -rcmd /bin/clish -s -c 'set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.'

 

[Expert@hq-fw-lab-test-01a:0]# clish -c "show configuration" | grep "mike pass"
set user mike password-hash $1$X.phv0$edJcbh4M.yVp72SnMB45g.

 

Is it possible to use Scripts Repository in SmartConsole to pass a hashed password and reset the admin/expert password or even simply add a new user as it seems that wouldn't work either given the symptoms observed here. 

0 Kudos
Reply
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
The $1$X is being interpolated as a variable.
I think if you use single quotes around the command you send via clish -c, it shouldn't be treated that way.

View solution in original post

0 Kudos
Reply
4 Replies
PhoneBoy
Admin
Admin
The $1$X is being interpolated as a variable.
I think if you use single quotes around the command you send via clish -c, it shouldn't be treated that way.

View solution in original post

0 Kudos
Reply
_Val_
Admin
Admin

second that

0 Kudos
Reply
Mike_A
Advisor

Thanks @PhoneBoy I thought I had tried that, apparently not. This worked. 

 

 

_Val_
Admin
Admin

Good to know this is resolved

0 Kudos
Reply