service password-encryption command

Answered Question
Feb 11th, 2004

I am trying to figure out how does the service password-encryption command work. Supposedly, if this command is set, it will enable the password encryption. On the other hand, the password encryption is also available in the "enable password" command by using the encryption type setting (usually, it's 7). How do these 2 differ?

Also, does the service password-encryption command available in the CatOS?

thanks.

I have this problem too.
0 votes
Correct Answer by smcquerry about 10 years 2 months ago

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
spejic Wed, 02/11/2004 - 10:55

The service-password encryption will encrypt all the passwords in running-config it can find, including enable password.

axfalk Wed, 02/11/2004 - 11:52

Thanks. So, its usage is primarily to encrypt all the passwords in running-config, so they would not be in clear text and a stranger would not be able to read them? Is the command also available in CatOS?

thanks again

Correct Answer
smcquerry Wed, 02/11/2004 - 11:03

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

axfalk Wed, 02/11/2004 - 14:06

On the related subject, is there a way to encrypt the snmp community string on the IOS & CatOS?

thanks again

Actions

Login or Register to take actions

This Discussion

Posted February 11, 2004 at 10:16 AM
Stats:
Replies:5 Avg. Rating:5
Views:906 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 2,069
2 1,736
3 1,675
4 1,624
5 1,529