
Setting up key for aaa-server

netspazz
Level 1

I have a 5525 with RADIUS configured. I recently had to configure it from an existing config, and in the process the aaa-server key was corrupted. It is set as "key 8 <hash>". I can set the password using "key <password>" and RADIUS will work. I would like to encrypt the password using "key 8", as it was originally set, but I cannot. If I use "key 8 <password>" I get the following: ERROR: Ciphertext <password> is not well formed. So the question is: how do I convert my "key <password>" that works to "key 8 <hash>"?

thanks

2 Replies

johnd2310
Level 8

Hi,

Your firewall is using Master Passphrase to encrypt passwords.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/basic_hostname_pw.html#78076

You should enter the RADIUS key as "key <password>" and the firewall will convert that to "key 8 <hash>". If you need to change the passphrase, have a look at the document I have referenced above.

Thanks

John

**Please rate posts you find helpful**

That is what I would have thought: I should just enter the command "key <password>" and it should show up as "key 8 <hash>", but it's not. I do have "password encryption aes" but I DON'T have a line with "key config-key password-encryption" in my config. On a side note, this config was copied from one machine to another since the configurations just needed to be tweaked. Since this is another PAIR, I do have the "failover key 8 <hash>" that also is not working. I also set that with "key" and it did not <hash> with a key 8. It's like I need to re-config the encryption or reset it. I tried that on another machine and got locked out and had to reboot back to the original config, strange.

-thanks
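
An added example, not part of the thread and not Cisco tooling: a Python check over saved ASA configuration text that reports whether "password encryption aes" is present and which "key" / "failover key" lines are stored as "key 8 <hash>", which is the mismatch described in the posts above. The sample configuration, group name, addresses and key values are constructed, and the line layout is assumed from the commands quoted in the thread.

```python
import re

# Constructed sample of saved ASA configuration text; every value is made up.
SAMPLE_CONFIG = """\
password encryption aes
aaa-server RADIUS-GRP protocol radius
aaa-server RADIUS-GRP (inside) host 192.0.2.10
 key ExamplePlaintext1
aaa-server RADIUS-GRP (inside) host 192.0.2.11
 key 8 EXAMPLECIPHERTEXTPLACEHOLDER
failover key ExamplePlaintext2
"""

# "key ..." under an aaa-server host, or a top-level "failover key ...".
KEY_LINE = re.compile(r"^\s*(?P<cmd>failover key|key)\s+(?P<rest>\S.*)$")


def audit_keys(config_text):
    """Return (aes_enabled, findings); findings never contain the key value."""
    aes_enabled = False
    findings = []
    context = None  # last top-level command, labels keys set in a sub-mode
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.strip() == "password encryption aes":
            aes_enabled = True
        m = KEY_LINE.match(line)
        if m is None:
            if line and not line[0].isspace():
                context = line.strip()
            continue
        if m.group("rest").startswith("config-key"):
            continue  # master passphrase command, not a stored key
        parts = m.group("rest").split()
        if len(parts) == 2 and parts[0] == "8":
            form = "type8"    # stored as "key 8 <hash>"
        elif set(parts[0]) == {"*"}:
            form = "masked"   # display hides the value; cannot tell
        else:
            form = "other"    # assumed to be a key not stored as type 8
        where = "failover" if m.group("cmd") == "failover key" else context
        findings.append({"line": lineno, "context": where, "form": form})
    return aes_enabled, findings


def not_type8_despite_aes(config_text):
    """Keys left in a non-type-8 form although AES encryption is enabled."""
    aes_enabled, findings = audit_keys(config_text)
    return [f for f in findings if aes_enabled and f["form"] == "other"]
```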
