Login
Test suite for login configuration scenarios
Test SSH Max Auth
Description
Check maximum number of authentication attempts through SSH connection
Scenario
Step 1: Set the following configuration in DUT0 :
set service ssh set service telnet set system login parameters max-auth-tries 3 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Try twice with an incorrect password and then with a correct password to check that the third time the user can access:
Note
Try with incorrect password:
Step 2: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with incorrect password:
Step 3: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with correct password:
Step 4: Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password: Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Oct 10 19:14:24 2025 admin@osdx$
Note
Try three times with an incorrect password and then with a correct password to check that the third time the user cannot access because the number of authentication attempts is higher than 3:
Note
Try with incorrect password:
Step 5: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with incorrect password:
Step 6: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with incorrect password:
Step 7: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with correct password and check that it fails:
Step 8: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Wait for 61 seconds (unlock-time is, by default 60 seconds)
Note
Try with correct password:
Step 9: Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password: Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Oct 10 19:15:15 2025 from 127.0.0.1 admin@osdx$
Test SSH Unlock Time
Description
Check maximum unlock time through SSH connection
Scenario
Step 1: Set the following configuration in DUT0 :
set service ssh set service telnet set system login parameters max-auth-tries 3 set system login parameters unlock-time 5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Try with incorrect password 3 times to lock it:
Note
Try with incorrect password:
Step 2: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with incorrect password:
Step 3: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with incorrect password:
Step 4: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Try with correct password before unlock time is up to check that it fails:
Step 5: Expect a failure in the following command:
Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password:
Note
Authentication fails:
Show output
No match found for '(([A-Za-z0-9-_]+)@(-*[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+[\$|#])|_sysadm@([A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]+):~\$)' in 20 seconds. Output: Permission denied, please try again. admin@127.0.0.1's password:
Note
Wait for 6 seconds (until unlock time is up)
Note
Try with correct password:
Step 6: Init an SSH connection from DUT0 to IP address 127.0.0.1 with the user admin:
admin@DUT0$ ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. admin@127.0.0.1's password: Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Oct 10 19:18:57 2025 admin@osdx$
Test SSH Before Timeout
Description
Check session can be closed before timeout through SSH connection
Scenario
Step 1: Set the following configuration in DUT0 :
set service ssh set service telnet set system login parameters idle-timeout 7 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Start monitor session
Step 2: Run command ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null at DUT0.
Note
Wait for 3.5 seconds (before idle timeout is up)
Note
Close connection:
Show output
exit Connection to 127.0.0.1 closed. admin@osdx$
Test SSH Timeout
Description
Check session timeout through SSH connection
Scenario
Step 1: Set the following configuration in DUT0 :
set service ssh set service telnet set system login parameters idle-timeout 7 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Start monitor session
Step 2: Run command ssh admin@127.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null at DUT0.
Note
Log in and wait for 8 seconds (until idle timeout is up)
Show output
Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Oct 10 19:22:21 2025 admin@osdx$ Session idle timeout reached. Closing session
Test User Name Length
Description
Check that the user name length cannot not shorter than the minimum established
Scenario
Step 1: Set the following configuration in DUT0 :
set system login parameters user-min-length 5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT0 and expect this output:
set system login parameters user-min-length 5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user usl4 authentication encrypted-password '$6$.et231fyghE0byvM$busAxOQFytXuCdAXrlmwlNmy/mM5qtuyvjgSBjeGrZ7GqeWMPAbYjCSgGIFt0kDsb0sLrnC.5IjLZFKvviHL71'Show output
[ system login user usl4 ] Length of the user name has to be at least equal to 5 Commit validation failed CLI Error: Command error
Step 3: Set the following configuration in DUT0 :
set system login parameters user-min-length 5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user userlen8 authentication encrypted-password '$6$YuoUCd7G.y6rBboO$EN6l1TPHlE0R/YjfSRwYo4g7Z1EuaOreAGd0weFFVeEmOePGHxRn0GumTZfayU/PJ2opQG9tWDWZ9ERRLeYVT.'
Test Local User Max Sessions
Description
Check max sessions functionality through a Telnet and SSH connection from DUT1 and DUT2 devices to a local DUT0 user
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set service ssh set service telnet set system login parameters max-sessions 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.2/24 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.0.0.3/24 set service telnet set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 10.0.0.2 from DUT0:
admin@DUT0$ ping 10.0.0.2 count 1 size 56 timeout 1Show output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.344 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.344/0.344/0.344/0.000 ms
Step 5: Ping IP address 10.0.0.3 from DUT0:
admin@DUT0$ ping 10.0.0.3 count 1 size 56 timeout 1Show output
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data. 64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.291 ms --- 10.0.0.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Note
There is already an open session so no other sessions should be allowed.
Step 6: Init a Telnet connection from DUT1 to IP address 10.0.0.1 :
admin@DUT1$ telnet 10.0.0.1Show output
Trying 10.0.0.1... Connected to 10.0.0.1. Escape character is '^]'. Linux 6.1.140 (osdx) (pts/0) osdx login: Password: Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. There were too many logins for 'admin'. Last login: Fri Oct 10 19:24:57 UTC 2025 on ttyS0 Permission denied Connection closed by foreign host. admin@osdx$
Step 7: Expect a failure in the following command:
Init an SSH connection from DUT2 to IP address 10.0.0.1 with the user admin:
admin@DUT2$ ssh admin@10.0.0.1 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '10.0.0.1' (ECDSA) to the list of known hosts. admin@10.0.0.1's password:
Note
Too many logins for ‘admin’:
Show output
' Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. There were too many logins for 'admin'. Last login: Fri Oct 10 19:25:09 2025 from ::ffff:10.0.0.2 Connection to 10.0.0.1 closed. CLI Error: Invalid token [option] CLI Error: Command error admin@osdx$' contains 'CLI Error'
Test Password Prompt Delay
Description
Check password prompt delay attempts through SSH connection
Scenario
Step 1: Set the following configuration in DUT0 :
set service ssh set service telnet set system login parameters password-prompt-delay 5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
Try with incorrect password:
Note
Check that it fails:
Show output
Password: Login incorrect
Note
Try with correct password before waiting for the delay to end to check that it fails:
Note
Check that it fails:
Show output
No match found for 'Password:' in 20 seconds. Output: Login incorrect osdx login:
Note
Wait for 6 seconds
Note
Try with correct password:
Note
Chack that it succeeds:
Show output
Welcome to Teldat OSDx v4.2.7.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Oct 10 19:25:12 UTC 2025 on ttyS0 admin@osdx$
Test No Reuse Passwords
Description
Check that the user cannot use a previously used password when the command no-reuse-passwords is configured.
Scenario
Note
Passwords are automatically encrypted.
Note
Set password: 1234
Step 1: Set the following configuration in DUT0 :
set system login parameters no-reuse-passwords set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user test_user authentication encrypted-password '$6$mfTgfLeNGeNtR2jx$TWuat2ez.vz88JrstYMMlyDyNHkgjx6pwElKd0U57NJK.mjGqLfq..gQ0OL/u8yWe6s7mnd.AWX5NnreSsEt9/'
Note
Set password: 5678
Step 2: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$zwp/hTJBmyLpJ6/B$Db65KVlRKx1wRdhZecZm0r6BAoXxyMwFLNURSoFhbBamVsjhfBsqlRaQYVVzhrWruQqrmf2oeAs6REwpYWW4E/'
Note
Try to set password: 1234 to check that the user test_user_1 cannot use it again
Step 3: Run command set system login user test_user authentication plaintext-password 1234 at DUT0 and check if output contains the following tokens:
Password already usedShow output
Password already used Value validation failed CLI Error: Command error
Note
Delete ‘no-reuse-passwords’ command from configuration
Step 4: Run command delete system login parameters no-reuse-passwords at DUT0.
Note
Set password: 1234 to check that the user can use it again
Step 5: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$PaZfO3uOsQER4dZ0$o2YuvANspnbt/TsPk4uiigTPNvkCErmlZ1/vjG7fjGxF5TZ4dCDQGWGpMUQkMi4OsM.icISKVuROi3ZrD9d54.'
Test Password History
Description
Check that the user cannot use a previously used password when the command ‘no-reuse-passwords’ is configured but once the user is deleted, its user’s history is deleted too; and once the ‘no-reuse-passwords’ command is deleted, all users’ historys are deleted.
Scenario
Note
Passwords are automatically encrypted.
Note
Set password: 1234
Step 1: Set the following configuration in DUT0 :
set system login parameters no-reuse-passwords set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user test_user authentication encrypted-password '$6$ybAqpqhPvWqwoW/W$EjhEeqnMSgS/aw6irAu0rUk6rnqyvTVH7RM3V9T9zvtX7K6nYPlBfsuNj2BopYLb87BmZz6lyhUzwqb2z0FEt0'
Step 2: Set the following configuration in DUT0 :
set system login parameters no-reuse-passwords set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user test_user authentication encrypted-password '$6$ybAqpqhPvWqwoW/W$EjhEeqnMSgS/aw6irAu0rUk6rnqyvTVH7RM3V9T9zvtX7K6nYPlBfsuNj2BopYLb87BmZz6lyhUzwqb2z0FEt0' set system login user test_user_1 authentication encrypted-password '$6$Jxj/S/ydWtSyZMlM$.0i8oGCALlejBbxfCe1gDdn0peX7B8TMLl6JQBXLElu0i0Ls3A.Fcb5Ba4oEjKQYjeDQMr/AAo52SOPys73gI1'
Note
Set password: 5678
Step 3: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$Kc2momih4f6KlIql$uP/g8kYR3PFPpLMgnwXfB9NO/84yb6jfehBoNxDus8nn54I0r0xbFS9rOWyKAov.fbAvkrnpNY.QDwOpbSafs/' set system login user test_user_1 authentication encrypted-password '$6$84KFhrnUKLfbk6vt$POWm8lGAXavsFAelgS/o/sWPGnfKA.J3EyC/9DQ17Fn.L4jCjMYh0BC49zCf.1vkGPosePNZTDWDmnHOZcA8f/'
Note
Try to set password: 1234 to check that the user test_user cannot use it again
Step 4: Run command set system login user test_user authentication plaintext-password 1234 at DUT0 and check if output contains the following tokens:
Password already usedShow output
Password already used Value validation failed CLI Error: Command error
Step 5: Modify the following configuration lines in DUT0 :
delete system login user test_user
Note
Set password: 1234 to check that the user test_user can use it again
Step 6: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$F9GOYNXAJVZuBU6Y$M4iTBQNk5x.2SzMXbm6hWxmqoyKUvUzBcsJ41EPxBzOqoDoNdLokfXfDh7wtl9NQTfeC/QqigQAbkxass7NAh0'
Note
Try to set password: 1234 to check that the user test_user_1 cannot use it again
Step 7: Run command set system login user test_user_1 authentication plaintext-password 1234 at DUT0 and check if output contains the following tokens:
Password already usedShow output
Password already used Value validation failed CLI Error: Command error
Note
Delete ‘no-reuse-passwords’ command from configuration
Step 8: Run command delete system login parameters no-reuse-passwords at DUT0.
Note
Set password: 1234 to check that the user test_user_1 can use it again
Step 9: Modify the following configuration lines in DUT0 :
set system login user test_user_1 authentication encrypted-password '$6$3PBZWjiuCuzfI4IQ$SwBAAEs8XCf4fKtJrj9BenhOjx.KBxij/8ghSSohBRnDaVftBMwyLzH9A/Jduy6RnVGa/i4vuOqOaQHESeyGX1'
Test No Reuse Passwords Max Passwords
Description
Check that a password can be reused if it is no longer stored because the number of maximum passwords was exceded. Note that the passwords are not stored in the password history until they are changed, so the stored passwords are the ones that were used in the past; if the user is not able to change a password it is not stored.
Scenario
Note
Passwords are automatically encrypted.
Note
Set password: 1234
Step 1: Set the following configuration in DUT0 :
set system login parameters no-reuse-passwords max-passwords 2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user test_user authentication encrypted-password '$6$UF72cQEP.iGfqNAp$fN/N7p2LPVFdCfubAzd94IJXAkK1q5HUzl618tsmrYI3hjnCWSPlHHeiZ80cOHmxmIg9QPYUaCX1dEwLMRQ3w/'
Note
Set password: 5678
Step 2: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$yILLR51qf46B5BLj$sv90P9xzpGinV/jl1MdTqQ94VPgwUXVVY9blBsSeIL3A.yxtOOJZn/dp2BmqgFvqLHxFsseRLTYvS19qc9vyX0'
Note
Set password: 4321
Step 3: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$Yj06MSEn4H5Cakrn$.HveoHycFXx1UUWKPgxmoyzqFfo3XYoPBLvq.sx0sPNT9YokZF6dSVT6.KR7ieU8qKs8I553GnlYXzzdxPJXO.'
Note
Try to set password: 1234 to check that the user cannot use it again
Step 4: Run command set system login user test_user authentication plaintext-password 1234 at DUT0 and check if output contains the following tokens:
Password already usedShow output
Password already used Value validation failed CLI Error: Command error
Note
Set password: 8765
Step 5: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$75qi0.3bUG26JHkY$26z5rYnLLAylBkngNjSNhwqwr3jFz6cQlxirVQc/zZzf530DPQVHKg13MQ5SaCuRzs86HrCUtlPBWyVyX7ZEd.'
Note
Set password: 1234 to check that the user can use it again
Step 6: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$sZPl.c/UwoebPOZe$W1fkdhh9OT1t/DSzSxnHy/bKYo9pnlf5lkUstRQgrIEgCSgjDZJqYaR0Vx5bGVG290X6muzhqSelmsNibCHNX0'
Test No Reuse Passwords Max Age
Description
Check that a password can be reused if max age time has already passed.
Scenario
Note
Passwords are automatically encrypted.
Step 1: Run command set date 2025-03-04 00:00:00 at DUT0.
Note
Set password: 1234 and max-age 2 days
Step 2: Set the following configuration in DUT0 :
set system login parameters no-reuse-passwords max-age 2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system login user test_user authentication encrypted-password '$6$V3fUmH/oaIWap7fk$K.yuqGgBOxCCyL7gZuTJchVR70/rO0X2t7.tdTNTBV/7MgmEPGkYyhoSZ0jJ4QL7G5nm6PvXBI30fQtVbYh7./'
Note
Set password: 5678
Step 3: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$eHkRlELQpsuXPLKT$2Nq3gfktOflfH0xYWjbhQB1syWShfC8tEQlUIQRIkCy1F3XdltouBRQKC01fZfOpPQDvojPzH6sW7/n5hETEv1'
Note
Try to set password: 1234 to check that the user cannot use it again
Step 4: Run command set system login user test_user authentication plaintext-password 1234 at DUT0 and check if output contains the following tokens:
Password already usedShow output
Password already used Value validation failed CLI Error: Command error
Note
Change date to 2 days later
Step 5: Run command set date 2025-03-06 00:00:10 at DUT0.
Note
Set password: 1234 to check that the user can use it again
Step 6: Modify the following configuration lines in DUT0 :
set system login user test_user authentication encrypted-password '$6$QUb8AuBVS8yx4w8P$3Pb58h/5V8J8twGjCvOCWMbjRNR.GKoXN5.vbEBQaGDybOSmbKhfe8t2HS3hZc5c0gxCsleTLTFSeSFY3Xd/P0'