02-11-2004 10:16 AM - edited 03-02-2019 01:32 PM
I am trying to figure out how does the service password-encryption command work. Supposedly, if this command is set, it will enable the password encryption. On the other hand, the password encryption is also available in the "enable password" command by using the encryption type setting (usually, it's 7). How do these 2 differ?
Also, does the service password-encryption command available in the CatOS?
thanks.
Solved! Go to Solution.
02-11-2004 11:03 AM
Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450
The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932
There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.
02-11-2004 10:55 AM
The service-password encryption will encrypt all the passwords in running-config it can find, including enable password.
02-11-2004 11:52 AM
Thanks. So, its usage is primarily to encrypt all the passwords in running-config, so they would not be in clear text and a stranger would not be able to read them? Is the command also available in CatOS?
thanks again
02-11-2004 11:03 AM
Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450
The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932
There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.
02-11-2004 12:45 PM
thanks a lot - that answers my question.
02-11-2004 02:06 PM
On the related subject, is there a way to encrypt the snmp community string on the IOS & CatOS?
thanks again
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: