[nsp] cisco password hash problems?

John Osmon josmon at rigozsaurus.com
Mon Apr 12 18:53:42 EDT 2004


I recently started running c7200-k91p-mz.122-18.S4.bin on a 7206.
Once booted, I wasn't able to login with a one of the locally defined 
usernames.  Resetting the password fixed things, but the fact that it
happened at all annoyed me.

With a little experimentation, I finally found out that the particular
hash that I had was the problem.  
  - It works fine in the older IOS version, but always fails with the newer.
  - I created a new hash by using the same password on the older IOS,
    and had no problem when booting the new IOS
  - I created a new hash with the same password using the newer IOS
    and was able to login with either IOS version booted

It's gotten me spooked enough that our new template for upgrading
routers (especially remote ones) has a couple of new steps at the
beginning:
  - no service password-encryption
  - username yyy password <new password>
  - write

Once the upgrade is done, we'll add back 'service password-encryption'.

Has anyone else experienced this problem?  IOS details and the password
hash are available to any of the Cisco folks that want to disect
things...


More information about the cisco-nsp mailing list