Skip to main content

Usernames and Passwords

There are different ways in IOS to configure users with corresponding passwords. For SSH, the Router/Switch doesn't need the cleartext password.

That means you should not configure your users with
switch(config)#username USER password PASS

 

Better configure your users with hashed passwords. If you are running a recent IOS, you can configure the passwords to be hashed with sha256 algorithm or a type 9 password:

switch(config)#username USER algorithm-type sha256 secret VERYSECUREPASSWORD

or

switch(config)#username USER algorithm-type scrypt secret VERYSECUREPASSWORD

 

If your IOS doesn't support this new username-parameter, you configure them the following way:

switch(config)#username USER secret VERYSECUREPASSWORD

 

 

Some more protection-mechanisms that should be thought about are Control-Plane-Protection and Management-Plane-Protection. But that is not SSH-specific.

Back to top