How to hide pre-shared keys in the running-config

insccisco
Level 1

Hi guys,

I've covered almost all passwords by issuing the command 'service password-encryption'.

However, there is still one key that I am still able to see when I do "show run" and that is the pre-shared key that my router uses to establish an IPSec tunnel.

What is the command to hide this key?


Hi Angel,

Depending on what software version you are running on the router, you can use the 'key config-key password-encrypt' command (requires IOS 12.3(2)T or later). Here is a link to the documentation for this feature:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

Hope that helps.

-Mike
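A way to check the result of the change discussed above, as an added example that is not from any poster in this thread: a short Python audit that reports which pre-shared-key lines in a saved running-config are still cleartext and whether `password encryption aes` is present. The sample configs, key values and the `audit_psk` name are constructed for illustration, and the keyring form goes slightly beyond the single `crypto isakmp key` case asked about.

```python
import re

# Constructed running-config excerpts (sample values, not from the thread).
BEFORE = """\
service password-encryption
crypto isakmp key ExampleSecret123 address 192.0.2.10
crypto keyring VPN-PEERS
  pre-shared-key address 198.51.100.7 key 0 AnotherSecret
"""
AFTER = """\
service password-encryption
password encryption aes
crypto isakmp key 6 CONSTRUCTED-TYPE6-BLOB address 192.0.2.10
crypto keyring VPN-PEERS
  pre-shared-key address 198.51.100.7 key 6 CONSTRUCTED-TYPE6-BLOB
"""

# An optional type digit (0 = cleartext, 6 = AES-encrypted) precedes the key string.
PSK_PATTERNS = [
    re.compile(r"^\s*crypto isakmp key (?:(0|6) )?\S+ (?:address|hostname) "),
    re.compile(r"^\s*pre-shared-key (?:address|hostname) \S+(?: \S+)? key (?:(0|6) )?\S+\s*$"),
]

def audit_psk(config):
    """Return (aes_enabled, [line numbers holding a cleartext pre-shared key])."""
    lines = config.splitlines()
    aes_enabled = any(l.strip() == "password encryption aes" for l in lines)
    cleartext = []
    for number, line in enumerate(lines, 1):
        for pattern in PSK_PATTERNS:
            match = pattern.match(line)
            if match and match.group(1) != "6":
                cleartext.append(number)  # report the line number only, never the key
                break
    return aes_enabled, cleartext

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        aes, hits = audit_psk(cfg)
        print(f"{name}: password encryption aes={aes}, cleartext PSK lines={hits}")
```
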

Mike, you're the best. Thank you.

This did the trick.

Can you send me a link where this new feature is explained in detail?

Hi Angel,

I'm glad that worked for you. Here are a few links that discuss the command:

Command Reference:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1179793

Configuration Example:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

-Mike

Thank you.

However, for precautionary reasons and a better understanding of how secure this is, where and how is the master key stored?

I entered the master key for AES encryption, rebooted the router and tried changing the master key. The router correctly knew what the old master key was; therefore, it needs to store the password somewhere.

Thanks!

James