User Mode and Privileged Mode Security

Hey everyone,

I’ve been looking into passwords/secrets on Cisco devices, and am a bit confused regarding how to configure the best practice (most secure) password type.

I’ve successfully configured type 7 passwords on devices, enabled password encryption (so they don’t show as plain text in the config), and then have been able to SSH to the device using those credentials.

However, I’ve read that type 7 passwords are not secure, and using an online crack tool I was easily able to crack my encrypted type 7 passwords. When I search online regarding this, everyone says to use type 5 secrets instead.

I have no trouble configuring a type 5 secret using the “enable secret” command to use for priv exec mode, which gives me this in the run config:

enable secret 5 $1$mERr$OKzfSUgIm9q.QG2WpAsx1/

However, when I try to configure a type 5 secret with a username (so it can be used for SSH), it shows up as plain text in the run config:

ip domain-name test.com
!
username josie secret 5 major

I also cannot SSH to the Cisco device using this username and password, it tells me the password is invalid.

So my question boils down to: What is the best practice for configuring usernames/passwords on Cisco devices which can be used for SSH etc, and how do I configure them?

Thanks for your help!
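
Added example, not part of the original post: a small audit script that reads a running-config and flags the credential lines discussed above. The digit after `secret` or `password` declares the format of the string that follows, so a `5` is expected to be followed by a `$1$...` MD5-crypt hash like the one in the `enable secret` line. The function name `audit` and the `ops` and `lab` sample lines are constructed for illustration.

```python
import re

# MD5-crypt layout seen in the post's "enable secret 5" line: $1$<salt>$<22 chars>
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# "enable ..." or "username <name> ...", then password|secret, optional type digit, value
CRED_LINE = re.compile(
    r"^(?:enable|username\s+(?P<user>\S+))\s+(?:.*\s)?"
    r"(?P<kind>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

# Constructed sample config: the enable and josie lines are from the post,
# the ops and lab lines are made up for this example.
SAMPLE_CONFIG = """\
enable secret 5 $1$mERr$OKzfSUgIm9q.QG2WpAsx1/
ip domain-name test.com
!
username josie secret 5 major
username ops password 7 0011223344
username lab password labpass
"""

def audit(config: str):
    """Return (line_number, subject, finding) for each weak or malformed credential line."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        m = CRED_LINE.match(raw.strip())
        if not m:
            continue  # not a credential line
        subject = m["user"] or "enable"
        ctype = m["type"] or "0"  # no digit means the value was given as plaintext
        if m["kind"] == "password" and ctype == "0":
            findings.append((lineno, subject, "plaintext password"))
        elif ctype == "7":
            findings.append((lineno, subject, "type 7 (reversible)"))
        elif ctype == "5" and not MD5_CRYPT.match(m["value"]):
            # Declared as a hash, but the value does not have the $1$salt$hash shape
            findings.append((lineno, subject, "type 5 value is not an MD5-crypt hash"))
    return findings

if __name__ == "__main__":
    for lineno, subject, finding in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {subject}: {finding}")
```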