Tuesday, February 15, 2011

The NX-OS 'password strength-check' Global Configuration Command

The NX-OS password strength-check global configuration command enables the secure password standard.
A secure password should contain characters from at least three of the following classes: lower case letters, upper case letters, digits, and special characters.

switch(config)# sh run | in strength
no password strength-check
switch(config)# username admin password cisco123
switch(config)# password strength-check
switch(config)# username admin password cisco456
password is weak
Password should contain characters from at least three of the following classes:
lower case letters, upper case letters, digits and special characters.
switch(config)# username admin password P@33w0rd
switch(config)#
switch(config)# sh run | in strength
switch(config)#

The following prompt, shown during the initial setup of a Nexus 5000 switch, lets the user decide whether to enforce the secure password standard (yes is the default).

         ---- System Admin Account Setup ----


Do you want to enforce secure password standard (yes/no): no

  Enter the password for "admin":
  Confirm the password for "admin":

         ---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.

Please register Cisco Nexus 5000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus devices must be registered to receive entitled
support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no): no



Nexus 5000 Switch
switch login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch#
switch# sh run | in strength
no password strength-check
switch#
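
An added example, not part of the original post and not Cisco code: an offline audit in Python that flags saved running-configs containing no password strength-check and applies the three-of-four class rule from the warning message to candidate passwords. The hostnames and config fragments are constructed, the definition of "special" is an assumption, and only the class rule quoted above is modelled.

```python
import re

# The four character classes named in the NX-OS warning quoted above.
# Assumption: "special" means any character that is not an ASCII letter or digit.
CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

def classes_used(password):
    """Return the sorted names of the character classes present in password."""
    return sorted(name for name, rx in CLASSES.items() if rx.search(password))

def meets_class_rule(password, minimum=3):
    """Apply only the three-of-four class rule; NX-OS may enforce more than this."""
    return len(classes_used(password)) >= minimum

def strength_check_enabled(running_config):
    """False only if the config holds the line 'no password strength-check'.

    In the sessions above the enabled state prints nothing in 'sh run',
    so the absence of the 'no' form is read as enabled.
    """
    return not any(line.strip() == "no password strength-check"
                   for line in running_config.splitlines())

def audit(configs):
    """Return the sorted hostnames whose saved config disables the check."""
    return sorted(h for h, cfg in configs.items() if not strength_check_enabled(cfg))

# Constructed sample input: hostnames and config fragments are made up.
SAMPLE_CONFIGS = {
    "n5k-a": "hostname n5k-a\nno password strength-check\n",
    "n5k-b": "hostname n5k-b\n",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_CONFIGS):
        print(f"{host}: password strength-check is disabled")
    # Passwords taken from the session above, plus the single "a" from the comments.
    for pw in ("cisco123", "cisco456", "P@33w0rd", "a"):
        print(f"{pw!r}: classes={classes_used(pw)} passes={meets_class_rule(pw)}")
```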

2 comments:

  1. So if I choose no on enforce secure password standard, I can enter any password I want, right? It doesn't matter how short or any special key, right?

    1. Yeah, tested; a single "a" character was accepted as the password. :)
