Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

service password-encryption command

I am trying to figure out how does the service password-encryption command work. Supposedly, if this command is set, it will enable the password encryption. On the other hand, the password encryption is also available in the "enable password" command by using the encryption type setting (usually, it's 7). How do these 2 differ?

Also, does the service password-encryption command available in the CatOS?

thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: service password-encryption command

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

5 REPLIES
New Member

Re: service password-encryption command

The service-password encryption will encrypt all the passwords in running-config it can find, including enable password.

New Member

Re: service password-encryption command

Thanks. So, its usage is primarily to encrypt all the passwords in running-config, so they would not be in clear text and a stranger would not be able to read them? Is the command also available in CatOS?

thanks again

New Member

Re: service password-encryption command

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

New Member

Re: service password-encryption command

thanks a lot - that answers my question.

New Member

Re: service password-encryption command

On the related subject, is there a way to encrypt the snmp community string on the IOS & CatOS?

thanks again

8404
Views
10
Helpful
5
Replies
CreatePlease login to create content