cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
79264
Views
21
Helpful
5
Replies

service password-encryption command

axfalk
Level 1
Level 1

I am trying to figure out how does the service password-encryption command work. Supposedly, if this command is set, it will enable the password encryption. On the other hand, the password encryption is also available in the "enable password" command by using the encryption type setting (usually, it's 7). How do these 2 differ?

Also, does the service password-encryption command available in the CatOS?

thanks.

1 Accepted Solution

Accepted Solutions

smcquerry
Level 1
Level 1

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

View solution in original post

5 Replies 5

spejic
Level 1
Level 1

The service-password encryption will encrypt all the passwords in running-config it can find, including enable password.

Thanks. So, its usage is primarily to encrypt all the passwords in running-config, so they would not be in clear text and a stranger would not be able to read them? Is the command also available in CatOS?

thanks again

smcquerry
Level 1
Level 1

Service password encryption only affects plain text passwords such as the line passwords or the enable password. This feature uses a simple substitution method to create a "secure" non-text password displayed in the configuration. The feature was added in version 10.0 of the IOS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_r1g.htm#1070450

The enable secret password command, which was added in version 11.0 of the IOS is encrypted with the MD5 hashing algorithm and is ALWAYS encrypted. Note the command was added after service-password encryption command and it is NOT affected by the service-password encryption command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_d1g.htm#1070932

There is no password encryption command available in the CatOS because the passwords on the CatOS box are always encrypted and can NOT be displayed in plain text.

thanks a lot - that answers my question.

On the related subject, is there a way to encrypt the snmp community string on the IOS & CatOS?

thanks again

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: