Encrypting Router Passwords


By Dan DiNicolo, June 13th, 2006. Posted in CCNA Study Guide Chapter 07.




Normally, passwords other than enable secret will appear in our configuration files in plain text. Even though you need to be in privileged mode to view the configuration files, encrypting all passwords is still a good idea. Eventually we’ll back up the configuration files to a network server, which means that other people may have the ability to access and view them.

The command used to manually encrypt passwords is service password-encryption. To encrypt a password manually, first issue this command from global configuration mode, then set or change the passwords as you normally would. Once complete, enter the no service password-encryption command. In the example below, we have encrypted both the auxiliary and console port passwords.

toronto-1(config)#service password-encryption
toronto-1(config)#line con 0
toronto-1(config-line)#login
toronto-1(config-line)#password cisco1
toronto-1(config-line)#line aux 0
toronto-1(config-line)#login
toronto-1(config-line)#password cisco1
toronto-1(config-line)#exit
toronto-1(config)#no service password-encryption

After completing the steps listed, you can view the encrypted versions of the passwords by using the show running-config command. I have again truncated the output to show only the pertinent information.

toronto-1#show run
Building configuration...
Current configuration:
line con 0
password 7 01100F17580457
login
transport input none
line aux 0
password 7 03075218050070
login
transport input all
line vty 0 4
password cisco1
login
!
end

Notice that both the console and auxiliary passwords have been encrypted. The vty password has not, since we didn’t specify it while configuring the encrypted passwords. Viewing the startup configuration at this point would still show unencrypted versions of all these passwords. Why? Because we haven’t saved our changes to the startup-configuration, of course!

toronto-1#sh star
Using 790 out of 32762 bytes

line con 0
password cisco1
login
transport input none
line aux 0
password cisco1
login
transport input all
line vty 0 4
password cisco1
login
!
end

Remember that in order to save our changes, we need to copy the running configuration to the startup configuration. The easy-to-remember shorthand for this is the command copy run star.
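The check walked through above can also be scripted. The following Python is an added example, not part of the original tutorial: it reads the two listings shown in this article (embedded here as constructed sample input, trimmed to the line blocks) and reports which line passwords are still in plain text in the running configuration and which blocks have not yet been copied to the startup configuration. The function names line_passwords and audit are hypothetical.

```python
import re

# Constructed sample input: the article's two listings, trimmed to the line blocks.
RUNNING = """line con 0
password 7 01100F17580457
login
line aux 0
password 7 03075218050070
login
line vty 0 4
password cisco1
login"""
STARTUP = """line con 0
password cisco1
login
line aux 0
password cisco1
login
line vty 0 4
password cisco1
login"""

# 'password 7 <2-digit offset><hex pairs>' is how IOS writes a value stored
# under service password-encryption; anything else after 'password' is cleartext.
TYPE7 = re.compile(r"password 7 \d{2}(?:[0-9A-Fa-f]{2})+")

def line_passwords(config):
    """Map each 'line ...' block to 'type7', 'plaintext' or 'none'."""
    found, block = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            block = text
            found[block] = "none"
        elif text in ("!", "end"):
            block = None  # end of the block or of the listing
        elif block and text.startswith("password "):
            found[block] = "type7" if TYPE7.fullmatch(text) else "plaintext"
    return found

def audit(running, startup):
    """Return (blocks still in cleartext, blocks whose storage differs from startup)."""
    run, start = line_passwords(running), line_passwords(startup)
    cleartext = sorted(b for b, kind in run.items() if kind == "plaintext")
    unsaved = sorted(b for b in run if run[b] != start.get(b))
    return cleartext, unsaved

if __name__ == "__main__":
    print(audit(RUNNING, STARTUP))
```

Run against the listings above, it flags line vty 0 4 as still in plain text, and line con 0 and line aux 0 as changed in the running configuration but not yet saved.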
















Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.




