cisco3560 password命令问题

phlipzheng

cisco3560在全局模式下有一个password命令包括encrypt和logging。我想请问那位高手解释一下日router<config>#password encrtpt和router<config>#password logging的区别,以及同router<config>#enable secret 命令的区别。

seven007

有个高手叫google

ssffzz1

同意LS的法子。

最基础的问题了。参见CCNA.

phlipzheng

我查了很久，都是些很模糊的回答，大都是service password-encryption命令的解释，没有password encrypt的解释。另外password logging是不是表示查看log日志时需要密码.

ssffzz1

encryption  Encrypt system passwords  ## 这个应该是配置加密密码所使用的算法
logging     Enable password operations logging ##这个应该是记录对密码的操作，而不是加密log日志。不过这个命令的结果我没有试验出来。

seven007

原帖由 phlipzheng 于 2008-12-18 13:23 发表
我查了很久，都是些很模糊的回答，大都是service password-encryption命令的解释，没有password encrypt的解释。另外password logging是不是表示查看log日志时需要密码.

3560(config)#password ?
encryption  Encrypt system passwords 加密系统密码，防止明文密码
logging     Enable password operations logging  开启密码操作日志，也就是记录操作。

ssffzz1

encryption  Encrypt system passwords  
这个我咋测试的结果是 修改加密算法的。
LS的有可靠的资料吗？


下面是测试的日志：
从前后2次的加密结果比较来看，此命令是修改加密算法的。

C3640(config)#   enable sec admin
C3640(config)#do show run
Building configuration...

Current configuration : 1137 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3640
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xdAk$Ijtz4Qd8HZP31prIlvqZS1
!
no aaa new-model
!
resource policy
!
!
!
ip cef
no ip domain lookup
         
C3640(config)#pass en aes
C3640(config)#enable sec admin
C3640(config)#do show run
Building configuration...

Current configuration : 1161 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname C3640
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$6OUu$8Do5cbyk7AJ2IbvU8JKvC1
!
no aaa new-model
!
resource policy
!
!
!
ip cef
no ip domain lookup
         
C3640(config)#
C3640(config)#do show ver
Cisco IOS Software, 3600 Software (C3640-JK9S-M), Version 12.4(, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 16:28 by prod_rel_team

ROM: System Bootstrap, Version 11.1(20)AA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

C3640 uptime is 10 minutes
System returned to ROM by reload
System image file is "flash:c3640-jk9s-mz.124-8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3640 (R4700) processor (revision 0x00) with 124928K/6144K bytes of memory.
Processor board ID 13894963
R4700 CPU at 100MHz, Implementation 33, Rev 1.0
5 Ethernet interfaces
4 Serial interfaces
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

C3640(config)#

seven007

原帖由 ssffzz1 于 2008-12-18 14:06 发表
encryption  Encrypt system passwords  
这个我咋测试的结果是 修改加密算法的。
LS的有可靠的资料吗？


下面是测试的日志：
从前后2次的加密结果比较来看，此命令是修改加密算法的。

C3640(config) ...

你是对的，是修改加密算法

ssffzz1

也感谢你6楼的回答，让我更确定了这个参数的用法：

logging     Enable password operations logging  开启密码操作日志，也就是记录操作。

phlipzheng

多谢两位法师，这两个命令是不是不常用？很感激两位让我又学到了知识。我还有一个疑问：怎么判断出password encryption这个命令是改变加密算法的？是通过前后两次不同的
enable secret 5 $1$xdAk$Ijtz4Qd8HZP31prIlvqZS1
enable secret 5 $1$6OUu$8Do5cbyk7AJ2IbvU8JKvC1
来判断的吗？