Here is how to decrypt and encrypt BMP passwords. router bgp 65001 monitoring station BMP1 authentication-key 7 JieKbldfLyl9IzUBJZRvKIcc1w5wWogI
The plain-text authentication-key is supersecretpassword.
Decrypt cisco secret 4 password#
This is how you would generate the encrypted password for BGP with the password supersecretpassword switch1#bash python -c 'import DesCrypt print DesCrypt.encrypt("mydevices_passwd", "supersecretpassword")' 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X switch1#bash python -c 'import DesCrypt print DesCrypt.encrypt("10.1.0.30_passwd", "supersecretpassword")' M9dLKl9vELqUERgcfkztblNGbMxVQdxU BMP (BGP Monitoring Protocol)īMP passwords use the station name plus the string _passwd. switch1#bash python -c 'import DesCrypt print crypt("mydevices_passwd", "8kjYaye5DsQh0epELyKNe0oZ3E3zp39X")' supersecretpassword switch1#bash python -c 'import DesCrypt print crypt("10.1.0.30_passwd", "M9dLKl9vELqUERgcfkztblNGbMxVQdxU")' supersecretpassword If you get any errors then you didn’t supply the correct key or password to decrypt. This is how you would decrypt each password. router bgp 65001 router-id 10.1.1.1 neighbor mydevices peer-group neighbor mydevices password 7 8kjYaye5DsQh0epELyKNe0oZ3E3zp39X neighbor 10.1.0.20 peer-group special-devices neighbor 10.1.0.30 password 7 M9dLKl9vELqUERgcfkztblNGbMxVQdxU The password is supersecretpassword for both, but you can see the type 7 hash is different. In this configuration example, I have a password for a peer group and a neighbor. If you have a peer group configured it uses the peer group name instead of the neighbor IP. BGPĪrista BGP Type 7 passwords are generated by combining the BGP neighbor IP and the string _passwd. All I know is that its DES-CBC + base64 encoded. Arista uses a proprietary DesCrypt library, and I don’t know how the encryption is done behind the scenes. I tricked myself thinking _passwd was an internal python variable and not a string.
Decrypt cisco secret 4 code#
It seems obvious now when looking at the code but I only started with the thought “They do it on the CLI so it has to be in here somewhere“. After many hours of using grep and reading through the python code, I found the answer in CliPlugin/RoutingBgpCli.py & CliPlugin/RoutingOspfCli.py. Arista has published documentation about how to create your own CLI commands or modify existing ones. The Short StoryĪrista is nice because all of the Python code for the CLI can be found on the switch under /usr/lib/python2.7/site-packages/. The latter question was asked first and I set my sights on figuring it out. What if you want to encrypt these passwords beforehand for automation purposes? Both of these questions have come up over the last few months in the #arista channel on the Network to Code slack. What if you need to decrypt a BGP, BMP, or OSPF password in your Arista configuration to migrate the configuration to a different vendor? You may have tried a Cisco Type 7 Reverser and find that it doesn’t work. Encrypting & Decrypting Arista BGP, BMP, & OSPF Passwords
0 kommentar(er)
