tacacs-server key
Syntax
tacacs-server key
no tacacs-server key
Description
The command tacacs-server key turns on the enhanced secure mode, which uses the ciphertext for sensitive information during input.
After entering the command hide-sensitive-data, enable the enhanced secure mode for TACACS+ with the command tacacs-server key to ensure enhanced security for sensitive information during input.
The no form of this command disables the enhanced secure mode of input for TACACS+.
Command context
config
Restrictions
- This command is not allowed in enhanced secure mode.
Examples
Enabling tacacs-server key will hide sensitive information.
Switch(config)# tacacs-server key
Enter key-str: ********
Re-enter key-str: ********
TACACS+ key configuration with include-credentials.
Switch(config)# tacacs-server key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# tacacs-server host 10.0.0.10 key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# show include-credentials
Stored in Configuration : Yes
Enabled in Active Configuration : Yes
Switch(config)# show encrypt-credentials
Encryption : Disabled
Pre-shared Key: none
Switch(config)# show running-config
Running configuration:
; J9850A Configuration Editor; Created on release #KB.16.03.0000x
; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
hostname "HP-Switch-5406Rzl2"
module A type j9989a
module F type j9534a
hide-sensitive-data
include-credentials
tacacs-server host 10.0.0.10 key "procurve"
tacacs-server key "procurve"
snmp-server community "public" unrestricted
snmpv3 engineid "00:00:00:0b:00:00:a0:48:1c:f7:ee:00"
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp
   exit
Switch(config)# show tacacs
Status and Counters - TACACS Information
Deadtime(min) : 0
Timeout : 5
Source IP Selection : Outgoing Interface
Encryption Key : procurve
Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
--------------- ------ ------ ------ ------ ------- ------- ----
10.0.0.10       0      0      0      0      0       0       No
TACACS+ key configuration with encrypt-credentials.
Switch(config)# show encrypt-credentials
Encryption : Enabled
Pre-shared Key: none
Switch(config)# show include-credentials
Stored in Configuration : Yes
Enabled in Active Configuration : Yes
Switch(config)# tacacs-server key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# tacacs-server host 10.0.0.10 key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# show running-config
Running configuration:
; J9850A Configuration Editor; Created on release #KB.16.03.0000x
; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y/5JvgL27NSkoQGjVEPz5a
hostname "HP-Switch-5406Rzl2"
module A type j9989a
module F type j9534a
encrypt-credentials
hide-sensitive-data
include-credentials
tacacs-server host 10.0.0.10 encrypted-key "6T8PEZYO7uz4gIaWdWUg23gEZAjO33D21I6V2KOTECk="
tacacs-server encrypted-key "HHa0HOmjKae6yzZ9Fn9JqZBuQhkGJV898+DHtb/3r9E="
snmp-server community "public" unrestricted
snmpv3 engineid "00:00:00:0b:00:00:a0:48:1c:f7:ee:00"
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp
   exit
Switch(config)# show tacacs
Status and Counters - TACACS Information
Deadtime(min) : 0
Timeout : 5
Source IP Selection : Outgoing Interface
Encryption Key : gJ5AeXfDFHJqjOOgOaa+NAmzneHDqs/aMqQuWsW01Qs=
Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
--------------- ------ ------ ------ ------ ------- ------- ----
10.0.0.10       0      0      0      0      0       0       No
TACACS+ key configuration without include-credentials.
Switch(config)# hide-sensitive-data
Switch(config)# tacacs-server key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# tacacs-server host 10.0.0.10 key
Enter key-str: ********
Re-enter key-str: ********
Switch(config)# show running-config
Running configuration:
; J9850A Configuration Editor; Created on release #KB.16.03.0000x
; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
hostname "HP-Switch-5406Rzl2"
module A type j9989a
module F type j9534a
hide-sensitive-data
tacacs-server host 10.0.0.10 key "test1"
tacacs-server key "test"
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp
   exit
Switch(config)# show include-credentials
Stored in Configuration : No
Enabled in Active Configuration : N/A
Switch(config)# show encrypt-credentials
Encryption : Disabled
Pre-shared Key: none
Switch(config)# show tacacs
Status and Counters - TACACS Information
Deadtime(min) : 0
Timeout : 5
Source IP Selection : Outgoing Interface
Encryption Key : procurve
Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
--------------- ------ ------ ------ ------ ------- ------- ----
10.0.0.10       0      0      0      0      0       0       No
TACACS+ key configuration without hide-sensitive-data.
Switch(config)# tacacs-server key procurve
Switch(config)# tacacs-server host 10.0.0.10 key procurve
Switch(config)# show encrypt-credentials
Encryption : Enabled
Pre-shared Key: none
Switch(config)# show running-config
Running configuration:
; J9850A Configuration Editor; Created on release #KB.16.03.0000x
; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y/5JvgL27NSkoQGjVEPz5a
hostname "HP-Switch-5406Rzl2"
module A type j9989a
module F type j9534a
encrypt-credentials
tacacs-server host 10.0.0.10 encrypted-key "GU3k9AV3u4eKyxBERotdYG87TbHLyv1RxVBnP3KhDhs="
tacacs-server encrypted-key "7ViIcKdWMqJzWKDn/bT6AiAAehx3ASz+nldMZ9TI5eg="
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A1-A24,F1-F24
   ip address dhcp-bootp
   exit
Switch(config)# show tacacs
Status and Counters - TACACS Information
Deadtime(min) : 0
Timeout : 5
Source IP Selection : Outgoing Interface
Encryption Key : gJ5AeXfDFHJqjOOgOaa+NAmzneHDqs/aMqQuWsW01Qs=
Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
--------------- ------ ------ ------ ------ ------- ------- ----
10.0.0.10       0      0      0      0      0       0       No
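Added example, not part of the original documentation: the outputs above show that hide-sensitive-data masks the key at the prompt, while show running-config still lists it as key "..." unless encrypt-credentials is enabled, in which case it appears as encrypted-key "...". The Python audit below checks a saved running-config dump for that difference; the function name, the sample configurations and the placeholder ciphertext are constructed for illustration.

```python
import re

# Flags the page's examples toggle; each sits on its own running-config line.
FLAGS = ("hide-sensitive-data", "include-credentials", "encrypt-credentials")

# tacacs-server [host <addr>] key|encrypted-key <value>
TACACS_KEY = re.compile(
    r'^tacacs-server(?:\s+host\s+(?P<host>\S+))?\s+'
    r'(?P<kind>key|encrypted-key)\s+(?:"[^"]*"|\S+)\s*$')

def audit_tacacs_config(config_text):
    """Return (flags, findings) for one saved 'show running-config' dump."""
    flags = dict.fromkeys(FLAGS, False)
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line in flags:
            flags[line] = True
            continue
        m = TACACS_KEY.match(line)
        if m and m.group("kind") == "key":
            # Report where the secret is, never the secret itself.
            findings.append((lineno, m.group("host") or "global",
                             "TACACS+ key stored in plaintext"))
    if findings and not flags["encrypt-credentials"]:
        findings.append((0, "device", "encrypt-credentials not enabled"))
    return flags, findings

# Constructed samples modelled on the outputs above (ciphertext is a placeholder).
PLAINTEXT_CFG = '''hostname "HP-Switch-5406Rzl2"
hide-sensitive-data
include-credentials
tacacs-server host 10.0.0.10 key "procurve"
tacacs-server key "procurve"
'''
ENCRYPTED_CFG = '''hostname "HP-Switch-5406Rzl2"
encrypt-credentials
hide-sensitive-data
include-credentials
tacacs-server host 10.0.0.10 encrypted-key "PLACEHOLDER-CIPHERTEXT="
tacacs-server encrypted-key "PLACEHOLDER-CIPHERTEXT="
'''

if __name__ == "__main__":
    for name, cfg in (("plaintext", PLAINTEXT_CFG), ("encrypted", ENCRYPTED_CFG)):
        flags, findings = audit_tacacs_config(cfg)
        print(name, flags, findings)
```

Run it over configuration backups and exported dumps as well as live output, since those copies carry the same key lines.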