AAA/802.1x

Decrypting JUNOS secret data

‎10-31-2008 06:14 AM

Hi,

Is there any tool like 'GETPASS' for CISCO devices, which can be used to decrypt the md5 passwords?

Thanks
Pradeep
5 REPLIES

Re: Decrypting JUNOS secret data

‎10-31-2008 12:30 PM

In a word, no. :-)  AFAIK, these are one way hashes.

Rgds,

Guy


Re: Decrypting JUNOS secret data

‎10-31-2008 12:55 PM
I need to migrate services from one Juniper M40 to an M120. In the BGP part of the config, an authentication-key (secret-data) is present. How do I retrieve the original key, so that I can configure it to re-establish BGP from the M120?
Thanks
Pradeep

Re: Decrypting JUNOS secret data

‎10-31-2008 01:06 PM

You can copy the secret data from one box to another.

If you have the config from the old M40, just cut&paste the md5 key straight into a new config for the M120.

On a serious note, you should make sure that you *record* your keys somewhere and lock them away so that when this happens in the future and it's been so long since you last used it, you can go and look it up. :-)

You could also go to the other router (or ask the owner of the other router) to change both keys so that they are new and they match.  Then write it down and lock it away somewhere safe.

Rgds,

Guy


Re: Decrypting JUNOS secret data

‎10-31-2008 01:32 PM

If I just cut&paste the key (secret data) from the old router straight into a new config for the M120, will it work?

My doubt is, after committing the config, the 'original key' will be converted to 'secretdata'. Next time we view the config, what we see is the secretdata only. For the new router, the input key is now mysecretdata, which is different from the original key, so this time it will get translated to a different form.

If A gets translated to B, and next we give B as the input, how will it get translated? As A, or B, or some other C? Can you throw some light on this?

Thanks
Pradeep

Re: Decrypting JUNOS secret data

‎11-01-2008 08:10 AM

Yes it will work.  Think about it...  If you couldn't do it, how would you be able to move a config from one RE to another?  If you want to copy the entire config from the M40 to the M120, you can (although you'll probably have to move some interfaces around and make the appropriate changes to your IGP, etc).

The bgp config can be copied from one router to another; if you prefer, you can use "load merge terminal" and create a config excerpt like this...

protocols {
  bgp {
    group yourgroup {
      neighbor yourneighbour {
        authentication-key yourencryptedkeyinquotes;
        ...all the other neighbour specific stuff...
      }
    }
  }
}

Paste that in and then hit [CTRL-D] and commit.

As I said before, the best way to avoid this is not to lose/forget the key.  I strongly recommend changing this key to something that both you and the operator of the other router remember.

Rgds,

Guy
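
Added example, not part of the thread and not Juniper tooling: a Python check, run over saved text copies of the old and new configs, that each BGP authentication-key was carried over verbatim. It relies on the `$9$` marker that Junos puts at the start of already-encrypted secret-data, which is why a pasted value is accepted as-is while a value without the marker is read as a new plaintext key; the function names, sample configs and placeholder strings are constructed for illustration.

```python
import re

# Constructed samples: the "$9$PLACEHOLDER..." strings are made up, not real secrets.
OLD_M40 = """
protocols {
    bgp {
        group peers {
            neighbor 192.0.2.1 {
                authentication-key "$9$PLACEHOLDERaaa"; ## SECRET-DATA
            }
            neighbor 192.0.2.2 {
                authentication-key "$9$PLACEHOLDERbbb"; ## SECRET-DATA
            }
        }
    }
}
"""
# Candidate M120 config: one key pasted as-is, one retyped as plaintext.
NEW_M120 = OLD_M40.replace('"$9$PLACEHOLDERbbb"', '"retyped-by-hand"')
KEY_RE = re.compile(r'authentication-key\s+"?(.*?)"?;\s*(?:##.*)?$')

def auth_keys(config):
    """Map each statement path to the authentication-key text stored under it."""
    path, found = [], {}
    for line in map(str.strip, config.splitlines()):
        match = KEY_RE.match(line)
        if match:
            found[" / ".join(path)] = match.group(1)
        elif line.endswith("{"):
            path.append(line[:-1].strip())
        elif line.startswith("}") and path:
            path.pop()
    return found

def compare(old_cfg, new_cfg):
    """Classify every key on the old box against the config for the new box."""
    new, report = auth_keys(new_cfg), {}
    for where, value in auth_keys(old_cfg).items():
        got = new.get(where)
        if got is None:
            report[where] = "missing"
        elif got == value:
            report[where] = "verbatim"      # same stored string, same key
        elif not got.startswith("$9$"):
            report[where] = "plaintext"     # read as a new key, re-encrypted at commit
        else:
            report[where] = "differs"       # different stored string; confirm with peer
    return report
```

A "differs" result only means the stored strings are not identical; whether the underlying keys match has to be confirmed with the operator of the peer router.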
