Re: How to secure ip ftp password and tacacs-server key in cisco?

ahmad.rz · ‎07-15-2022

Hi.

I checked the configurations for the tacacs-server password and the FTP password. The key and password are in clear text and are available to everyone. Is it possible to hash it?

Be quick and careful!

balaji.bandi · ‎07-16-2022

First of all, FTP itself is not secured over the network; anyone can sniff and capture information. if you looking to be secure your transfers - ensure use SCP or SFTP is advised.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎07-16-2022

Hello,

as far as I recall, you can use the global commands below to make sure that all plaintext passwords (such as TACACS keys) are encrypted as type 6 passwords:

key config-key password-encrypt MASTER_KEY
password encryption aes

Just make sure you write down the key, because it apparently is not saved in the running configuration.

ahmad.rz · ‎07-16-2022

Thanks for your reply.

The only options available here are type 0 (encrypted) and 7 (hidden, but decryptable)!

(config)#tacacs-server key ?
0 Specifies an UNENCRYPTED key will follow
7 Specifies HIDDEN key will follow
LINE The UNENCRYPTED (cleartext) shared key

Be quick and careful!

Georg Pauwen · ‎07-17-2022

Hello,

you don't have 'key config-key password-encrypt' as a global option ? Which IOS version are you running ?

ahmad.rz · ‎07-25-2022

Yes I have in IOS 14.2, but how to work with it and then hash it?

Be quick and careful!