Posted on September 16, 2020 12:33 am
 |  Asked by Carlo Taddei
 |  36 views
0
0
Print Friendly, PDF & Email

Hi,

I searched through the EOS admin guides and this forum and found no answer.

I just wanted to know if EOS supports as of today (latest Maintenance Release) Password Strength and Managment / Complexity similar to what i.e. implemented by Cisco IOS (Password Strength and Management for Common Criteria)

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960l/software/15-2_6_e/configuration_guide/b_1526e_consolidated_2960l_cg/b_1526e_consolidated_2960l_cg_chapter_0100001.html

Thanks,

Best Regards,

 

0
Posted by Alexis Dacquay
Answered on September 16, 2020 2:42 pm

Hi Carlo,

Yes on length

arista(config-mgmt-security)#?
entropy Entropy configuration
password Password configuration
session configure session settings
signature-verification Configure whether to verify signatures
ssl Configure SSL related options
----------------------------------------
arista(config-mgmt-security)#management security
arista(config-mgmt-security)#password ?
encryption-key internal storage encryption-key
minimum Minimum setting

arista(config-mgmt-security)#password minimum ?
length Number of characters

The complexity isn't configurable. Valid passwords (accepted by EOS) contain the characters A-Z, a-z, 0-9 and any of these punctuation characters:
!@#$%ˆ&*()-_=+ {}[];:<>,.?/ ?

These articles relates to Hardening EOS, including for CC.
https://eos.arista.com/arista-eos-hardening-guide/#Password_Management
and:
https://eos.arista.com/securing-eos-cli/#Password_Hashing_Algorithm

If you are very conscious about password strength, a best practice isn't to configure static password on the device, but either centrally where you manage your complexity policy (on authentication servers), or even better: with certificate:
https://eos.arista.com/eos-4-22-1f/ssh-certificates/

Post your Answer

You must be logged in to post an answer.