Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3219
Views
10
Helpful
5
Replies

ASA Startup Configuration Encrypted Text

Go to solution
fasteddye
Level 1
Level 1

‎04-06-2020 08:53 AM

I am looking for some guidance and/or explanation on how the running config and startup config treat encrypted text on an ASA5505.  I have noticed that if you issue a show running config, under aaa-server RADIUS config the key statement has ***** however if you issue a show startup config, under the aaa-server RADIUS config the same key statement is clear text. 

Is the just the behavior of how the running config and startup config are handled in an ASA?  Is there a way to change this behavior?

 

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to fasteddye

‎04-06-2020 09:07 AM

Hi,

 

   On the ASA, the secure keys are not displayed in "show run" or "show start" by design, for security purposes, to prevent shoulder watching attacks on passwords. The way to see the clear-text password is by copying the config file to a remote TFTP/FTP server, or by running the command "more system:running-config".

  If you see the clear-text pass on "show start" it means you need to upgrade.

 

Regards,

Cristian Matei.

View solution in original post

5 Replies 5

Go to solution
Sheraz.Salim
VIP
VIP

‎04-06-2020 08:56 AM

run this command

 

more system:running-config

 

this will show your the passwords,

please do not forget to rate.

Go to solution
fasteddye
Level 1
Level 1
In response to Sheraz.Salim

‎04-06-2020 09:00 AM

I am not looking for the clear text passwords in the running config but wanted to know why the startup config shows the key in clear text.   

 

Thanks.

0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to fasteddye

‎04-06-2020 09:07 AM

Hi,

 

   On the ASA, the secure keys are not displayed in "show run" or "show start" by design, for security purposes, to prevent shoulder watching attacks on passwords. The way to see the clear-text password is by copying the config file to a remote TFTP/FTP server, or by running the command "more system:running-config".

  If you see the clear-text pass on "show start" it means you need to upgrade.

 

Regards,

Cristian Matei.

Go to solution
fasteddye
Level 1
Level 1
In response to Cristian Matei

‎04-06-2020 09:19 AM

Looks like it is related to version. We are running some older code on these ASAs. The ASAs with 9.1(2) display clear text RADIUS key in startup config but the ASAs with 9.1(7) do not display clear text RADIUS key in startup config. We will be replacing these aging ASAs soon.

I appreciate the feedback !
0 Helpful

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni
In response to fasteddye

‎04-06-2020 09:39 AM

Hi,

 

   If you get this different behaviour between 9.1(2) and (.1(7), this is most likely a bug, not a version issue.

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents