07-15-2022 09:23 PM
Hi.
I checked the configurations for the tacacs-server password and the FTP password. The key and password are in clear text and are available to everyone. Is it possible to hash it?
07-16-2022 12:31 AM
First of all, FTP itself is not secured over the network; anyone can sniff and capture information. if you looking to be secure your transfers - ensure use SCP or SFTP is advised.
 
					
				
		
07-16-2022 01:27 AM
Hello,
as far as I recall, you can use the global commands below to make sure that all plaintext passwords (such as TACACS keys) are encrypted as type 6 passwords:
key config-key password-encrypt MASTER_KEY
password encryption aes
Just make sure you write down the key, because it apparently is not saved in the running configuration.
07-16-2022 09:03 PM
Thanks for your reply.
The only options available here are type 0 (encrypted) and 7 (hidden, but decryptable)!
(config)#tacacs-server key ?
0 Specifies an UNENCRYPTED key will follow
7 Specifies HIDDEN key will follow
LINE The UNENCRYPTED (cleartext) shared key
07-17-2022 12:47 AM
Hello,
you don't have 'key config-key password-encrypt' as a global option ? Which IOS version are you running ?
07-25-2022 01:42 AM
Yes I have in IOS 14.2, but how to work with it and then hash it?
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide