Antonio_Martins
Contributor

set expert password-hash using autoconf.clish doesn't work

Hi CheckMates,

I'm trying to configure the expert password using set expert password-hash in autoconf.clish but it doesn't work. I.e., the command is accepted but the expert password doesn't work.

Strangely, the admin user password, which was configured the same way (using set administrator username admin password-hash in autoconf.clish), works fine!

Hash obtained using either "cryptpw -a md5 <password>" or "openssl passwd -1".

What am I doing wrong?

AM

0 Kudos
9 Replies
funkylicious
Advisor

Hi,


You can generate the MD5 hash from /sbin/grub-md5-crypt, then copy the salted hash and do a set expert-password-hash <hash>.

Should work just fine like this.

0 Kudos
Antonio_Martins
Contributor

Hi,

Same result. Admin password hash works fine, expert password hash doesn't:

GW000 login: admin
Password:
GW000> expert
Enter expert password:
Wrong password, exiting.

By the way, I'm testing in 1200R gateway.

 

0 Kudos
PhoneBoy
Admin

I have a feeling the dollar signs in the password hash are getting interpreted by the shell.
Enclose the hashed string in single quotes.
0 Kudos
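
One way to test the shell-expansion hypothesis from the reply above, as an added example that is not part of the original thread: the script passes the thread's sample hash through an unquoted and a quoted here-document and checks whether the result is still a well-formed MD5-crypt string. The function names are hypothetical and no Check Point tool is invoked.

```shell
#!/bin/sh
# Sample hash copied from the thread (cryptpw -a md5 output for a test password).
HASH='$1$byBwFTca$iOzMEY5EfDZ/deRgXaXKi1'

# is_md5crypt: succeed only for "$1$<salt, 1-8 chars>$<22-char digest>"
# using the crypt(3) alphabet [./0-9A-Za-z].
is_md5crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'
}

# hash_field: print the last space-separated field of a clish line.
hash_field() {
    printf '%s\n' "${1##* }"
}

# line_unquoted: unquoted here-document, so the shell expands $1,
# $byBwFTca and $iOzMEY5EfDZ (all unset here) to empty strings.
# The subshell body with "set +u" keeps this runnable under strict mode.
line_unquoted() (
    set +u
    cat <<EOF
set expert password-hash $1$byBwFTca$iOzMEY5EfDZ/deRgXaXKi1
EOF
)

# line_quoted: quoted delimiter, so the hash is written literally.
line_quoted() {
    cat <<'EOF'
set expert password-hash $1$byBwFTca$iOzMEY5EfDZ/deRgXaXKi1
EOF
}

# check_line: report whether the hash in a clish line survived intact.
check_line() {
    if is_md5crypt "$(hash_field "$1")"; then
        echo intact
    else
        echo mangled
    fi
}

echo "unquoted: $(line_unquoted) -> $(check_line "$(line_unquoted)")"
echo "quoted:   $(line_quoted) -> $(check_line "$(line_quoted)")"
```

A line that checks as intact but still fails at login points away from shell quoting as the cause.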

sk119633 may help with this

0 Kudos
Antonio_Martins
Contributor

The way I found to set expert password-hash using autoconf.clish was to set the password in clish and then copy the value from /flash/expert_pass_ to the file.

I guess the hashing algorithm for expert password is not MD5 as it is with admin password hashes.

0 Kudos
Antonio_Martins
Contributor

Enclosing the hashed string in single quotes didn't solve it.

0 Kudos
G_W_Albrecht
Legend

R77.20.87 CLI Guide:

set expert password

Description

Sets the initial password or password hash for the expert shell

Syntax

set expert {password|password-hash} {<pass>|<pass_hash>}

Parameters

Parameter    Description
pass         Password using alphanumeric and special characters
pass_hash    Password MD5 string representation

Example

set expert password-hash $1$fGT7pGX6$oo9LUBJTkLOGKLhjRQ2rw1

Output

Success shows OK. Failure shows an appropriate error message.

Comments

To generate a password-hash, you can use this command on any Check Point SMB Appliance gateway (as an expert user).

cryptpw -a md5 <password string>

If this works on CLI only it would be an autoconf.clish limitation - you could even involve TAC!

0 Kudos
Antonio_Martins
Contributor

Example.

[Expert@GW000]# cryptpw -a md5 ClearPassw0rd
$1$byBwFTca$iOzMEY5EfDZ/deRgXaXKi1
[Expert@GW000]# exit


...

Gateway-ID-7F99045E> set expert password-hash $1$byBwFTca$iOzMEY5EfDZ/deRgXaXKi1
Setting expert password with hash
OK
Gateway-ID-7F99045E> expert
Enter expert password:
Wrong password, exiting.

 

Anyone else with the same issue?

0 Kudos
G_W_Albrecht
Legend

You should involve TAC, this sounds like incorrect behaviour!