This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lukas_Nagy
Participant
‎2018-02-20 04:40 AM

Supported password hashes for creating admin accounts on R80.10 GW?

Hello,

I would like to use script for generating user accounts, however from what I've read it is only possible to use salted MD5 hash for password. Are also other hashes supported? Like SHA-256?

GW and management is R80.10.

Thanks.

6 Replies
Sven_Glock
Advisor
‎2018-05-17 11:33 AM

Actually only MD5 is supported.

SHA2(256/512) will come with R80.20 and for R80.10 and R77.30 in upcoming jumbos in the near future.

Maarten_Sjouw
Champion
Champion
‎2018-05-24 03:38 PM

A couple of weeks ago I was staging a couple of new R80.10 boxes and we were using a list of commands that we normally use for R77.30, including the setting of admin password, the expert password, an additional bash user and some SNMPv3 users. All these commands use hashed passwords that we copied from the show configuration output.

After we were done and tried to login it just completely failed on all those passwords. There is a way to recover when the unit is already connected to the management, which i had luckily. For this see sk106490 How to remotely reset Admin / Expert password on a Security Gateway from a Security Management Server.

One of the items here is this one:

Generate hash for the new password - run the following command and save the generated hash string:

[Expert@HostName]# /sbin/grub-md5-crypt

I have no clue if there really is a difference between R77.30 and R80.10, we have not been triple checking but I really don't know what went wrong here. What I do know is that the above SK saved my day and on top of that I can also tell you the method used here also works on embedded GAIA R77.20 boxes.

Regards, Maarten
0 Kudos
JASPAL_SINGH
Contributor
‎2019-01-30 07:16 AM
In response to Maarten_Sjouw

Could you please guide me like what is the use of command expert-password-hash ?

Actually when I used this command I am not able to login via expert password that I set before applying this command.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-01-30 08:56 AM
In response to JASPAL_SINGH

When you set a expert password and type "show configuration expert-password" you will see a command with the password hashed.

We install gateways at the rate of 1-5 a month, so when you need to make certain configuration during preparation, you want commands like these ready in a simple text file ready to be pasted into the new machine. But in that text file I do not want the actual password in readable format, so that is why you want the command with a hashed password.

Also when you are copying and pasting a password nees to be entered twice when you use the"set expert-password" command.

Regards, Maarten
0 Kudos
JASPAL_SINGH
Contributor
‎2019-01-31 04:45 AM
In response to Maarten_Sjouw

Thanks for the information. Smiley Happy

0 Kudos
Sven_Glock
Advisor
‎2019-08-24 10:29 PM

Since R80.10 Jumbo HFA Take 167 new password hashes are available.

More detailsyou will find in this SK.

 

Cheers

Sven

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events