Junos OS


Junos Password and key storing hashes

  • 1.  Junos Password and key storing hashes

    Posted 01-20-2018 05:18

    Hi all ..

    Junos stores the user login plaintext passwords in the form of hashes using the MD-5 hashing algorithm. These hashes are visible in the configuration and start with "$1$". On the other hand, the TACACS+ / Radius server key and VPN pre-shared key are stored in reversible encryption hashes, and these hashes start with $9$ (sample config attached). The reversible encryption hashes are easily decrypted to the original keys using tools available online.

    My question is: what's the technical compulsion behind storing the authentication keys in reversible encryption hashes, and is there a way to avoid this and use MD5 instead?

     

    Thanks

    Attachment(s)

    txt
    SRX-Config.txt   385B 1 version


  • 2.  RE: Junos Password and key storing hashes
    Best Answer

    Posted 01-20-2018 10:33

    This has already been handled from Junos 15.1X49-D50 and 16.2R1 for MX/QFX.

     

    You can define a master password which then encrypts the $9$ strings. You can then only use the $9$ values if you know the master password.

    More information here: https://www.juniper.net/documentation/en_US/junos/topics/concept/harden-shared-secrets.html

     

    I hope this answers your question 🙂



  • 3.  RE: Junos Password and key storing hashes

    Posted 01-20-2018 10:43

    Thank you, Jonashauge. That's what I was looking for 🙂
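
The following is an added example, not part of any post in this thread and not Juniper code: a small audit that walks a Junos configuration and reports where each secret sits and which storage format it uses, without ever printing the secret value. The `$1$` and `$9$` prefixes come from the thread; the `$8$` prefix for master-password-protected values is an assumption, and the sample configuration and its secret values are constructed.

```python
import re

# "$1$" and "$9$" are the formats named in the thread; "$8$" is an assumption.
FORMATS = {
    "$1$": "one-way hash",
    "$8$": "encrypted under master password",
    "$9$": "reversible",
}
# Junos marks secret-bearing lines with a trailing "## SECRET-DATA" comment.
SECRET_RE = re.compile(r'^(?P<stmt>[\w-]+(?:\s+[\w-]+)*)\s+"(?P<val>[^"]*)";\s*## SECRET-DATA$')
# Constructed sample configuration; every secret value is a placeholder.
SAMPLE = """\
system {
    root-authentication {
        encrypted-password "$1$CONSTRUCTED$notARealHashValue"; ## SECRET-DATA
    }
    tacplus-server {
        192.0.2.10 {
            secret "$9$constructedNotARealValue"; ## SECRET-DATA
        }
    }
}
security {
    ike {
        policy ike-pol {
            pre-shared-key ascii-text "$9$alsoConstructedNotReal"; ## SECRET-DATA
        }
    }
}
"""

def audit(config_text):
    """Return one finding per secret; the secret value itself is never included."""
    path, findings = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("{"):            # entering a hierarchy level
            path.append(line[:-1].strip())
        elif line == "}":                 # leaving it (tolerates a stray brace)
            del path[-1:]
        elif (m := SECRET_RE.match(line)):
            kind = FORMATS.get(m.group("val")[:3], "unknown or plaintext")
            where = " ".join(path + [m.group("stmt")])
            findings.append({"line": lineno, "path": where, "format": kind})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f'{f["line"]:>3}  {f["format"]:<32} {f["path"]}')
```

Entries reported as `reversible` are the ones the master password described in the best answer is meant to protect.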