New Member

How to hide pre-shared keys in the running-config

Hi guys,

I've covered almost all passwords by issuing the command 'service password-encryption'

However, there is still one key that I am still able to see when I do "show run" and that is the pre-shared key that my router uses to establish an IPSec tunnel.

What is the command to hide this key?

Re: How to hide pre-shared keys in the running-config

Hi Angel,

Depending on what software version you are running on the router, you can use the 'key config-key password-encrypt' command (requires IOS 12.3(2)T or later). Here is a link to the documentation for this feature:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

Hope that helps.

-Mike
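
An added example, not part of the original thread or of Cisco's documentation: a Python check that can be run over a saved `show run` to confirm that no IPsec pre-shared key is still stored in plaintext after the feature above is enabled. The sample config, its keys and the function names are constructed for illustration; `password encryption aes` is the IOS command that switches on type 6 (AES) encryption alongside the master key, which the reply above does not spell out.

```python
import re

# Constructed sample running-config; every key and hash is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
username admin password 7 00000000000000
crypto isakmp key ExamplePlainKey address 192.0.2.10
crypto isakmp key 6 EXAMPLE-TYPE6-BLOB address 192.0.2.20
"""

# Matches: crypto isakmp key [0|6] <keystring> address|hostname <peer>
PSK_RE = re.compile(
    r"^\s*crypto isakmp key (?:(?P<type>[06]) )?(?P<key>\S+) "
    r"(?:address|hostname) (?P<peer>\S+)", re.M)
# Type 7 is the reversible encoding applied by 'service password-encryption'.
TYPE7_RE = re.compile(r"^.*\b(?:password|key) 7 \S+", re.M)
AES_RE = re.compile(r"^\s*password encryption aes\s*$", re.M)


def audit(config: str) -> dict:
    """Classify secrets in a running-config without echoing any of them."""
    plaintext, type6 = [], []
    for m in PSK_RE.finditer(config):
        (type6 if m.group("type") == "6" else plaintext).append(m.group("peer"))
    return {
        "aes_enabled": bool(AES_RE.search(config)),
        "plaintext_psk_peers": plaintext,
        "type6_psk_peers": type6,
        "type7_count": len(TYPE7_RE.findall(config)),
    }


def report(config: str) -> list:
    """Turn the audit result into one finding per line, identified by peer."""
    r = audit(config)
    lines = [f"FAIL plaintext pre-shared key for peer {p}"
             for p in r["plaintext_psk_peers"]]
    if r["plaintext_psk_peers"] and not r["aes_enabled"]:
        lines.append("FAIL 'password encryption aes' not present")
    if r["type7_count"]:
        lines.append(f"WARN {r['type7_count']} type 7 (reversible) secret(s)")
    lines += [f"OK   type 6 pre-shared key for peer {p}"
              for p in r["type6_psk_peers"]]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

The report names peers only, so it can be pasted into a ticket without leaking the keys it found.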

New Member

Re: How to hide pre-shared keys in the running-config

Mike, you're the best. Thank you.

This did the trick.

Can you send me a link where this new feature is explained in detail?

Re: How to hide pre-shared keys in the running-config

Hi Angel,

I'm glad that worked for you. Here are a few links that discuss the command:

Command Reference:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_k1gt.html#wp1179793

Configuration Example:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml

-Mike

New Member

Re: How to hide pre-shared keys in the running-config

Thank you.

New Member

Re: How to hide pre-shared keys in the running-config

However, for precautionary reasons and a better understanding of how secure this is, where and how is the master key stored?

I entered the master key for AES encryption, rebooted the router and tried changing the master key. The router correctly knew what the old master key was and therefore needs to store the password somewhere.

Thanks!

James
