password-encryption convert-enc-to-level-10

Changes existing AES-256 encrypted passwords and MD5 passwords to SHA-512 .

Syntax

password-encryption convert-enc-to-level-10

Command Default

By default, passwords from previous releases have the encryption with which they were configured.

Modes

Privileged EXEC mode

Usage Guidelines

Use this command to convert all existing passwords to make them more secure in SLX-OS 20.1.1 or later. Any clear-text (enc-level 0) passwords are retained in the configuration database and not converted to SHA-512.

This command is available only to administrative users.

If you downgrade to a release earlier than SLX-OS 20.1.1, all MD5 passwords that were converted to SHA-512 will not be available.

Examples

The following example shows the warning and the prompt before passwords are converted.

device# password-encryption convert-enc-to-level-10
%WARN: This operation will convert all existing user passwords to SHA-512 format. 
However, the enc level 0 (clear-text) passwords, if any, will be retained as is 
in the configuration database. These configurations will be lost if the system is 
downgraded to lower releases than SLX 20.1.1.
Do you want to continue? [y/n]y
All passwords are converted successfully.

The following example shows the warning when a configuration rollback is in progress.

device# password-encryption convert-enc-to-level-10
%WARN:This operation will convert all existing user passwords to SHA-512 format.
However, the enc level 0 (clear-text) passwords, if any, will be retained as is 
in the configuration database. These configurations will be lost if the system is 
downgraded to lower releases than SLX 20.1.1.
Do you want to continue? [Y/N]y
%%ERROR: Password conversion is not allowed when configuration rollback session 
is in progress; Please try again later.