First, you need to set your router up so it requires the enable command to raise your privileges.
enable secret <password>
You may already have this set, or possibly the old enable password command, which should be removed once you have set the enable secret (note that enable secret and enable password can't have the same value).
Now that's sorted, you can move on to setting up a user.
When you create a user, don't just do the logical thing:
username <username> priv <privilege> password <password>
as the password will be stored in clear text!
Use instead of password and it will be all sorted.
username <username> priv <privilege> secret <password>
For SSH (and telnet), things are slightly different.
SSH comes in on a VTY line, and does not encrypt the data by default.
To encrypt the password, type:
service password-encryption
line vty 0 4
password <password>
no service password-encryption
If you now view your config, you'll see that your password is encrypted.
line vty 0 4
access-class 1 in
exec-timeout 30 0
privilege level 15
password 7 03105E1C0A2F424F5E594B
login local
transport preferred ssh
transport input ssh
I hope you find this article useful. Please click on an advert to show your appreciation.