cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Supported password hashes for creating admin accounts on R80.10 GW?

Hello,

I would like to use script for generating user accounts, however from what I've read it is only possible to use salted MD5 hash for password. Are also other hashes supported? Like SHA-256?

GW and management is R80.10.

Thanks.

5 Replies
Sven_Glock
Silver

Re: Supported password hashes for creating admin accounts on R80.10 GW?

Actually only MD5 is supported.

SHA2(256/512) will come with R80.20 and for R80.10 and R77.30 in upcoming jumbos in the near future.

Maarten_Sjouw
Platinum

Re: Supported password hashes for creating admin accounts on R80.10 GW?

A couple of weeks ago I was staging a couple of new R80.10 boxes and we were using a list of commands that we normally use for R77.30, including the setting of admin password, the expert password, an additional bash user and some SNMPv3 users. All these commands use hashed passwords that we copied from the show configuration output.

After we were done and tried to login it just completely failed on all those passwords. There is a way to recover when the unit is already connected to the management, which i had luckily. For this see sk106490 How to remotely reset Admin / Expert password on a Security Gateway from a Security Management Server.

One of the items here is this one:

Generate hash for the new password - run the following command and save the generated hash string:

[Expert@HostName]# /sbin/grub-md5-crypt

I have no clue if there really is a difference between R77.30 and R80.10, we have not been triple checking but I really don't know what went wrong here. What I do know is that the above SK saved my day and on top of that I can also tell you the method used here also works on embedded GAIA R77.20 boxes.

Regards, Maarten
0 Kudos

Re: Supported password hashes for creating admin accounts on R80.10 GW?

Could you please guide me like what is the use of command expert-password-hash ?

Actually when I used this command I am not able to login via expert password that I set before applying this command.

0 Kudos
Maarten_Sjouw
Platinum

Re: Supported password hashes for creating admin accounts on R80.10 GW?

When you set a expert password and type "show configuration expert-password" you will see a command with the password hashed.

We install gateways at the rate of 1-5 a month, so when you need to make certain configuration during preparation, you want commands like these ready in a simple text file ready to be pasted into the new machine. But in that text file I do not want the actual password in readable format, so that is why you want the command with a hashed password.

Also when you are copying and pasting a password nees to be entered twice when you use the"set expert-password" command.

Regards, Maarten
0 Kudos

Re: Supported password hashes for creating admin accounts on R80.10 GW?

Thanks for the information. Smiley Happy

0 Kudos