Cisco Network Academy. All rights reserved CCNP+ ISCW v1.0Cisco Device HardeningSecuring Cisco Router Installations and Administrative AccessCisco Network Academy. All rights reserved CCNP+ ISCW v1.0Configuring Router PasswordsCisco Network Academy. All rights reserved CCNP+ ISCW v1.0Configuring Router Passwords A console is a terminal connected to a router console port. Console是作为终端管理设备连接到路由器的管理接口. The terminal can be a dumb terminal or a PC with terminal emulation software. 管理设备通常安装有终端管理软件的PC主机,比如安装有超级终端 的PC主机Cisco Network Academy. All rights reserved CCNP+ ISCW v1.0Password Creation Rules Passwords can be 1 to 25 characters in length. 密码可以为1到25个字符的长度 Passwords can include: 密码可以包含如下字符: Alphanumeric characters 阿拉伯字母 Uppercase and lowercase characters 大小写敏感 Symbols and spaces 符号字符和空格 Password-leading spaces are ignored, but any spaces after the first character are not ignored. 密码的首位的空格不作为密码一部分，但是密码尾部的空格将认定为密码 字符. Change passwords. 可以修改密码Cisco Network Academy. All rights reserved CCNP+ ISCW v1.0Initial Configuration DialogWould you like to enter the initial configuration dialog? yes/no yConfiguring global parameters:Enter host name Router: BostonThe enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration.Enter enable secret: CantGuessMeThe enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images.Enter enable password: WontGuessMeThe virtual terminal password is used to protect access to the router over a network interface.Enter virtual terminal password: CantGuessMeVTYCisco Network Academy. All rights reserved CCNP+ ISCW v1.0Configure the Line-Level Passwordrouter(config)#line console 0 line aux 0 line vty 0 4router(config-line)#loginrouter(config-line)#password password Enters line configuration mode (console, auxiliary, or vty) 进入线路配置模式 Enables password checking at login 启用登录时密码检测 Sets the line-level password 配置线路级别密码Boston(config)#line con 0 Boston(config-line)#login Boston(config-line)#password ConUser1Cisco Network Academy. All rights reserved CCNP+ ISCW v1.0Password Minimum Length Enforcementrouter(config)#security passwords min-length length Sets the minimum length of all Cisco IOS passwords 指定用于Cisco IOS的最小密码长度Boston(config)#security passwords min-length 10Cisco Network Academy. All rights reserved CCNP+ ISCW v1.0Encrypting Passwords Using the service password-encryption Commandservice password-encryption Encrypts all passwords in the router configuration file 加密所有路由器配置文件中的明文密码router(config)#Boston(config)#service password-encryption Boston(config)#exit Boston#show running-config enable password 7 06020026144A061E ! line con 0 password 7 0956F57A109A ! line vty 0 4 password 7 034A18F366A0 ! line aux 0 password 7 7A4F5192306ACisco Network Academy. All rights reserved CCNP+ ISCW v1.0Enhanced Username Password Securityrouter(config)# username name secret 0 password | 5 encrypted-secret Uses MD5 hashing for strong password protection 使用MD5散列算法提供强壮的密码保护 Better than the type 7 encryption found in service password- encryption command 相对于service password-encryption命令的类型7的加密更为优异Boston(config)#username rtradmin secret 0 Curium96 Boston(config)#username rtradmin secret 5 $1$feb0$a104Qd9UZ./Ak007router(config)# username name password 0 password | 7 hidden-password Traditional user configuration with plaintext password 为用户配置