Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5143
Views
0
Helpful
5
Replies

How to hide pre-shared keys in the running-config

Go to solution
insccisco
Level 1
Level 1

‎09-11-2008 12:31 PM - edited ‎03-09-2019 09:27 PM

Hi guys,

I've covered almost all passwords by issuing the command 'service password-encryption'

However, there is still one key that I am still able to see when I do "show run" and that is the pre-shared key that my router uses to establish an IPSec tunnel.

What is the command to hide this key?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
robertson.michael
Level 3
Level 3

‎09-11-2008 12:54 PM

Hi Angel,

Depending on what software version you are running on the router, you can use the 'key config-key password-encrypt ' command (requires IOS 12.3(2)T or later). Here is a link to the documentation for this feature:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

Hope that helps.

-Mike

View solution in original post

0 Helpful

Go to solution
robertson.michael
Level 3
Level 3
In response to insccisco

‎09-11-2008 02:16 PM

Hi Angel,

I'm glad that worked for you. Here are a few links that discuss the command:

Command Reference:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1179793

Configuration Example:

javascript:newWin('http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml')

-Mike

View solution in original post

0 Helpful
5 Replies 5

Go to solution
robertson.michael
Level 3
Level 3

‎09-11-2008 12:54 PM

Hi Angel,

Depending on what software version you are running on the router, you can use the 'key config-key password-encrypt ' command (requires IOS 12.3(2)T or later). Here is a link to the documentation for this feature:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

Hope that helps.

-Mike

0 Helpful

Go to solution
insccisco
Level 1
Level 1
In response to robertson.michael

‎09-11-2008 01:08 PM

Mike, you're the best. thank you

this did the trick.

Can you send me a link where this new feature is explained in detail?

0 Helpful

Go to solution
robertson.michael
Level 3
Level 3
In response to insccisco

‎09-11-2008 02:16 PM

Hi Angel,

I'm glad that worked for you. Here are a few links that discuss the command:

Command Reference:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1179793

Configuration Example:

javascript:newWin('http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml')

-Mike

0 Helpful

Go to solution
insccisco
Level 1
Level 1
In response to robertson.michael

‎09-11-2008 02:28 PM

thank you

0 Helpful

Go to solution
jamesgef
Level 1
Level 1
In response to insccisco

‎10-03-2008 12:30 PM

However, for precautionary reasons and a better understanding of how secure this is, where and how is the master key stored?

I entered the master key for aes encryption, rebooted the router and tried changing the master key. Router correctly knew what the old master key was, therefore, needs to store the password somewhere.

Thanks!

James

0 Helpful
Customers Also Viewed These Support Documents