In order to enable SHA256 hashes for passwords, you have to be running a KB version of the OS, in order to use 'password non-plaintext-sha256'. I'm running KB.16.09.0015 to test this on an out-of-the-box switch.
If you're running a KB switch software version, you can have this in your config:
password operator user-name "operatoruser" sha256 "sha256 hash here"
password manager user-name "manageruser" sha256 "sha256 hash here"
password non-plaintext-sha256
------------------------------
Shawn Southern
------------------------------
Original Message:
Sent: Feb 20, 2020 03:44 PM
From: Valentin Voica
Subject: Password configured with sha256 option not working
Hello,
I am trying to harden the security of my Aruba 2930F switch by disabling SHA-1 and enabling SHA-256.
SW01(config)# password non-plaintext-sha256
SW01(config)# password manager user-name admin sha256 [PASSWORD-STR]
When I try to log on from the client machine running Linux with OpenSSH legacy SHA-1 deactivated, I get:
$ ssh admin@10.10.10.10
Unable to negotiate with 10.0.16.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1
I did follow the ArubaOS Hardening Guide here but I may have missed something.
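
The ssh failure quoted in the original message is a key-exchange negotiation error reported by the OpenSSH client. As an added example (not part of either post, and not Aruba or OpenSSH code), this Python parser reads OpenSSH "Unable to negotiate" lines and flags when the server offers only legacy algorithms; the function names and the LEGACY_MARKERS list are assumptions of this example.

```python
import re

# OpenSSH client negotiation failure has the shape:
# "Unable to negotiate with HOST port N: no matching WHAT found. Their offer: a,b,c"
NEGOTIATION_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)"
)

# Name fragments treated as legacy here (an assumption; adjust to local policy).
LEGACY_MARKERS = ("sha1", "md5", "-cbc", "arcfour", "ssh-dss")


def is_legacy(name):
    """True for SHA-1/MD5/CBC/RC4/DSA based names; ssh-rsa signs with SHA-1."""
    return name == "ssh-rsa" or any(m in name for m in LEGACY_MARKERS)


def parse_negotiation_error(line):
    """Return a dict describing the failure, or None if the line is not one."""
    m = NEGOTIATION_RE.search(line)
    if not m:
        return None
    offered = [a for a in m.group("offer").split(",") if a]
    legacy = [a for a in offered if is_legacy(a)]
    return {
        "host": m.group("host"),
        "port": int(m.group("port")),
        "category": m.group("what"),  # e.g. "key exchange method", "cipher", "MAC"
        "offered": offered,
        "legacy": legacy,
        "only_legacy": bool(offered) and len(legacy) == len(offered),
    }


# Constructed sample lines; the first is the error quoted in the post above.
SAMPLES = [
    "Unable to negotiate with 10.0.16.1 port 22: no matching key exchange "
    "method found. Their offer: diffie-hellman-group14-sha1",
    "Unable to negotiate with 192.0.2.5 port 22: no matching MAC found. "
    "Their offer: hmac-sha1,hmac-sha2-256",
    "Connection closed by 192.0.2.5 port 22",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_negotiation_error(sample))
```

A result with category "key exchange method" and only_legacy set means the device's SSH server settings, not its password hash format, are what the client is rejecting.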