AAA/802.1x
Reply
Contributor
Gadde
Posts: 28
Registered: ‎10-17-2008
0

Decrypting JUNOS secret data

Hi,

 

Is there any tool like 'GETPASS' for CISCO devices , which can be used to decrypt the md5 passwords?

Thanks
Pradeep
Super Contributor
GuyDavies
Posts: 93
Registered: ‎09-26-2008
0

Re: Decrypting JUNOS secret data

In a word, no. :-)  AFAIK, these are one way hashes.

 

Rgds,

 

Guy 

Contributor
Gadde
Posts: 28
Registered: ‎10-17-2008
0

Re: Decrypting JUNOS secret data

I need to migrate services from one Juniper M40 to M120.  In BGP part of config ,  authentication-key ( secret -data )is present , how to retrieve  the original key ,so that I can confgure that to restablish BGP from M120 ?
Thanks
Pradeep
Super Contributor
GuyDavies
Posts: 93
Registered: ‎09-26-2008
0

Re: Decrypting JUNOS secret data

You can copy the secret data from one box to another.

 

If you have the config from the old M40, just cut&paste the md5 key straight into a new config for the M120.

 

On a serious note, you should make sure that you *record* your keys somewhere and lock them away so that when this happens in the future and it's been so long since you last used it, you can go and look it up. :-)

 

You could also go to the other router (or ask the owner of the other router) to change both keys so that they are new and they match.  Then write it down and lock it away somewhere safe.

 

Rgds,

 

Guy 

Contributor
Gadde
Posts: 28
Registered: ‎10-17-2008
0

Re: Decrypting JUNOS secret data

If I just cut&paste the key(secret data) from old router straight into a new config for the M120, will it work ? 

 my doubt is , after commiting the config, 'original key' will be converted to 'secretdata'. Next time if we view the config , what we see is secretdata only.  for the new router, now input  key is mysecretdata which is different from the original key, so this time it will get translated to a different form. 

If A  gets translated to B , and next  if we give B as the input , how will it get translated  ?  As A or B or Someohter C ? can you through some light on this ?

Thanks
Pradeep
Super Contributor
GuyDavies
Posts: 93
Registered: ‎09-26-2008
0

Re: Decrypting JUNOS secret data

Yes it will work.  Think about it...  If you couldn't do it, how would you be able to move a config from one RE to another?  If you want to copy the entire config from the M40 to the M120, you can (although you'll probably have to move some interfaces around and make the appropriate changes to your IGP, etc).

 

The bgp config can be copied from one router to another; if you prefer, you can use "load merge terminal" and create a config excerpt like this...

 

protocols {

  bgp {

    group yourgroup {

      neighbor yourneighbour {

        authentication-key yourencryptedkeyinquotes;

        ...all the other neighbour specific stuff...

      }

    }

  }

}

 

Paste that in and then hit [CTRL-D] and commit.

 

As I said before, the best way to avoid this is not to lose/forget the key.  I strongly recommend changing this key to something that both you and the operator of the other router remember. 

 

Rgds,

 

Guy 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.