Store hashed passwords for Openconnect local users

Hi Forum,

I think it would be good to have an option to store hashed passwords for local openconnect users.

set vpn openconnect authentication local-users username bob password-encrypted "$6$SALTxxx$HASHEDPWveWJL1brZmTcDj0H$0MLY28C8Rjq4TbDrvG5lOjXTrj6623nnsL"

which then gets added as a new entry in
/config/user-data/ocpasswd

I posted this under the Dev channel a while ago, but had problems realizing it by myself.
Would it please be possible to include this function as a “hotfix” or additional package? Or maybe in the rolling release?
I think it would be useful, since through the API it would be possible to create a frontend for user password changes. But password storage in clear text in the config is insecure. So I would rather hash the passwords on the frontend and send them hashed to the VyOS device.

Thanks for the good implementation of openconnect so far.
It already works pretty well with RADIUS and LDAP for us.

Kind regards
Max
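
As an added example (not part of the original post, and not VyOS or ocserv code): a check the receiving side could run on a pre-hashed value before writing it to the ocpasswd file, so that cleartext, malformed hashes, or values carrying an extra field or line are refused. The `user:group:hash` line layout, the username policy, the minimum rounds value and all function names are assumptions.

```python
import re

# Assumption: only the SHA-256 ("$5$") and SHA-512 ("$6$") crypt(3) schemes
# are accepted; the value is the encoded digest length of each scheme.
DIGEST_LEN = {"5": 43, "6": 86}
B64 = r"[./0-9A-Za-z]"  # crypt(3) base64 alphabet
CRYPT_RE = re.compile(
    rf"\$(?P<id>[56])\$(?:rounds=(?P<rounds>[1-9][0-9]{{3,8}})\$)?"
    rf"(?P<salt>{B64}{{1,16}})\$(?P<digest>{B64}+)"
)
NAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")  # hypothetical name policy
MIN_ROUNDS = 5000  # SHA-crypt default; explicit lower values are refused


def check_crypt_hash(value):
    """Return None if value is a well-formed SHA-crypt string, else a reason."""
    m = CRYPT_RE.fullmatch(value)
    if m is None:
        return "not a $5$/$6$ crypt(3) string (cleartext or malformed)"
    if len(m["digest"]) != DIGEST_LEN[m["id"]]:
        return "digest length does not match the scheme"
    if m["rounds"] and int(m["rounds"]) < MIN_ROUNDS:
        return "rounds below minimum"
    return None


def ocpasswd_line(username, hashed, group="*"):
    """Build one 'user:group:hash' entry (assumed layout), refusing input
    that could smuggle a second field or a second line into the file."""
    if NAME_RE.fullmatch(username) is None:
        raise ValueError("invalid username")
    if group != "*" and NAME_RE.fullmatch(group) is None:
        raise ValueError("invalid group")
    reason = check_crypt_hash(hashed)
    if reason:
        raise ValueError(reason)
    return f"{username}:{group}:{hashed}\n"


if __name__ == "__main__":
    # Constructed sample value, not a real password hash.
    sample = "$6$constructedsalt$" + "A" * 86
    print(ocpasswd_line("bob", sample), end="")
    print(check_crypt_hash("hunter2"))  # cleartext is rejected with a reason
```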
