03-29-2024 01:42 PM
If you run that command, would future cleartext passwords also be encrypted?
03-29-2024 01:49 PM
Hello @Garegin88 ,
if you add the command service password-encryption in your device config, all existing and future passwords will be encrypted. The encryption algorithm is not a sophisticated one, it's purpose is to make it harder for someone standing next to you when you do a show running-config to see your passwords.
Hope this helps.
03-29-2024 02:05 PM
Depending on your device it should encrypt current and future passwords however I have run across some models that it WONT encrypt Key-Chain passwords. Thats the only exception I've seen.
03-30-2024 12:21 PM
Hello,
just to add to what @David Ruess said, pre-shared keys (PSKs) for IPsec VPNs are another exception, they are not affected by the 'service password-encryption' command, e.g.:
crypto isakmp key secretkey address 1.1.1.1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide