SRX Services Gateway
Reply
Visitor
resplendent
Posts: 4
Registered: ‎08-16-2012
0

Passwords in conf file

Hi

 

I am deploying ~90 SRX110's, each will have a specific username and password, chap password and psk.

I am installing the .conf file on the devices via an upgrade autoinstall.

 

Is there a way that I can set the password in the .conf without having to generate and place the hash or $9$ string in the configuration.

 

ie can I type a plain text password in the .conf file and it encrypts itself somehow on install?

 

I'd like to avoid having to do this via J-Web or CLI.

 

Cheers

Recognized Expert
mhariry
Posts: 344
Registered: ‎06-01-2011
0

Re: Passwords in conf file

If you type it plain-text it will be encrypted and working fine

 

# show access                
profile test {
    client R1 chap-secret test1234

 

Regards,

Mohamed Elhariry

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Visitor
resplendent
Posts: 4
Registered: ‎08-16-2012
0

Re: Passwords in conf file

Hi again

 

That seems to have done the trick for the chap and PSK passwords.

 

What is the correct syntax for setting a plain text user password in the conf file. I have tried

    login {
        user test {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password tesT123;
            }
        }

but this does not work (configuration is accepted but the password is not automatically encrypted - I assume that "tesT123" is taken to be the already-encrypted password).

 

Also tried

    login {
        user test {
            uid 2001;
            class super-user;
            authentication {
                plain-text-password tesT123;
            }
        }

 but the command plain-text-password is not correct syntax.

 

Thanks

 

Recognized Expert
mhariry
Posts: 344
Registered: ‎06-01-2011
0

Re: Passwords in conf file

Hi again my friend

 

I am not sure we could do same cause we need to enter twice if we configure in normal way (Retype new password)

 

so I will suggest you very good idea as you already have juniper box running junos (EX or SRX or whatever) you could configure this user on it (even without commit) and make show for it just take it as it is and put it in text file

 

if you paste it on any Juniper running junos it will understand this password and if you trying to login it will accept ( I mean password will be same don't worry about that)

 

system {
    login {
        user admin {
            uid 2000;
            class super-user;
            authentication {
                encrypted-password "$1$oNwYyX8E$Lm7/sRxIrWUL$yVcEX/zY1"; ## SECRET-DATA
            }
        }
    }
}

 

Regards,

 

Mohamed Elhariry

 

JNCIE-M/T # 1059, CCNP & CCIP

 

----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

 

 

Regards,
Mohamed Elhariry
2* JNCIE (SEC # 159, SP # 1059),JNCIP-ENT

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.