Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
854
Views
1
Helpful
10
Replies

Hide Password in ASA Configuration Backupfile

Iglu18
Level 1
Level 1

ā€Ž05-22-2023 05:52 AM

Hi 

Does anyone know if and how a password can be hidden in the ASA backup configuration file. Password is mask doing "show running-config on the box itself"

We are using Firewpower Appliance an the ASDM on it.

Best regards
Iglu

Labels:
10 Replies 10

Sheraz.Salim
VIP
VIP

ā€Ž05-22-2023 06:07 AM

Have a look on this cisco good old document still very useful for this day even.

How to configure Master Passphrase on ASA 

please do not forget to rate.
0 Helpful

Iglu18
Level 1
Level 1
In response to Sheraz.Salim

ā€Ž05-22-2023 06:46 AM

Hi
Interesting Link but i just would like to have the password mask when I save the running-config via scp: or when i make a backup within ASDM.

And i have to make an addition. The only Password wich is in plain text is the "ldap-login-password"

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Iglu18

ā€Ž05-22-2023 07:48 AM

I am not aware of something where you extract the configuration and it mask it. unless you do the master password as mentioned in previous post. Is your backup server is not secure? Just thinking you can zip the configuration with AES encryption.

please do not forget to rate.
0 Helpful

Sheraz.Salim
VIP
VIP
In response to Iglu18

ā€Ž05-22-2023 01:16 PM

Sorry I did not notice you mentined the Password for LDAP is showing in plain text. you can run this command this will encrypt the password "password-encryption aes"

The password encryption aes command enables password encryption and encrypts all user passwords

please do not forget to rate.
0 Helpful

Iglu18
Level 1
Level 1

ā€Ž06-23-2023 12:09 AM - edited ā€Ž06-23-2023 12:10 AM

hi everybody.

I had again some time to troubleshoot. Even after the input of password encryption aes nothing has changed.
When I view the backup file on my computer in notepad, the ldap-login password is displayed in plain text. It looks like there is no  way to mask it.

In the ASA with show run it is masked.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Iglu18

ā€Ž06-23-2023 04:17 AM

it bug did you check link I share ?

0 Helpful

Iglu18
Level 1
Level 1
In response to MHM Cisco World

ā€Ž06-23-2023 04:23 AM

Is is not that bug. in show-run  on the box the password is masked.

In the config-file wich i backuped it is in clerartext.

0 Helpful

Iglu18
Level 1
Level 1

ā€Ž07-07-2023 06:42 AM

Hi Everybody

Is anyone able to test this in the own environment.
The Problem is when I backup the configuration file with copy running-config scp......
The configuration file on the SCP server shows the LDAP password in cleartext.

Regards

 

0 Helpful
Customers Also Viewed These Support Documents