encrypt-credentials

Syntax

encrypt-credentials

no encrypt-credentials

Description

Encrypts all passwords and authentication keys in show commands.

The no form of this command removes encryption so that passwords and authentication keys are shown in plain text.

Command context

config

Examples

This example encrypts all credentials in show commands.

switch(config)#encrypt-credentials

                              **** CAUTION ****
 This will encrypt all passwords and authentication keys.

 The encrypted credentials will not be understood by older software versions.
 The resulting config file cannot be used by older software versions.
 It also may break some of your existing user scripts.

 Before proceeding, please save a copy of your current config file, and
 associate the current config file with the older software version saved in
 flash memory. See "Best Practices for Software Updates" in the Release Notes.

 A config file with 'encrypt-credentials' may prevent previous software
 versions from booting. It may be necessary to reset the switch to factory
 defaults. To prevent this, remove the encrypt-credentials command or use
 an older config file.

	Save config and continue (y/n)? y

switch(config)#tacacs-server key procurve

switch(config)#show running-config

	Running configuration:

	; J9850A Configuration Editor; Created on release #KB.xx.xx.0000x
	; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
	; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y/5JvgL27NSkoQGjVEPz5a
	hostname "Switch-5406Rzl2"
	module A type j9989a
	module F type j9534a
	encrypt-credentials
	tacacs-server encrypted-key "7ViIcKdWMqJzWKDn/bT6AiAAehx3ASz+nldMZ9TI5eg="
	snmp-server community "public" unrestricted
	oobm
	   ip address dhcp-bootp
	   exit
	vlan 1
	   name "DEFAULT_VLAN"
	   untagged A1-A24,F1-F24
	   ip address dhcp-bootp
	   exit

switch(config)#show tacacs

 Status and Counters - TACACS Information

  Deadtime(min) : 0
  Timeout : 5
  Source IP Selection : Outgoing Interface
  Encryption Key : 82qT9SBeCEs7iUtT7jSp/Jb2Xr5VMZPaB2YTveaq+F0=


  Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
  --------------- ------ ------ ------ ------ ------- ------- ----

This example configures the TACACS+ key with encrypt-credentials enabled.

switch(config)#encrypt-credentials

                              **** CAUTION ****
 This will encrypt all passwords and authentication keys.

 The encrypted credentials will not be understood by older software versions.
 The resulting config file cannot be used by older software versions.
 It also may break some of your existing user scripts.

 Before proceeding, please save a copy of your current config file, and
 associate the current config file with the older software version saved in
 flash memory. See "Best Practices for Software Updates" in the Release Notes.

 A config file with 'encrypt-credentials' may prevent previous software
 versions from booting. It may be necessary to reset the switch to factory
 defaults. To prevent this, remove the encrypt-credentials command or use
 an older config file.

	Save config and continue (y/n)? y

switch(config)#hide-sensitive-data

switch(config)#tacacs-server key
	Enter key-str:********
	Re-enter key-str:********

switch(config)#tacacs-server host 10.0.0.10 key
	Enter key-str:********
	Re-enter key-str:********


switch(config)#show include-credentials
	Stored in Configuration         : No
	Enabled in Active Configuration : N/A

switch(config)#show encrypt-credentials
	Encryption    : Enabled
	Pre-shared Key: none

switch(config)#show running-config

	Running configuration:

	; J9850A Configuration Editor; Created on release #KB.xx.xx.0000x
	; Ver #0f:7f.ff.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:45
	; encrypt-cred 38qcQq/OETUfXNO7/eGOb5TgG3IBzILkhHOspcJkM2Y/5JvgL27NSkoQGjVEPz5a
	hostname "Switch-5406Rzl2"
	module A type j9989a
	module F type j9534a
	encrypt-credentials
	hide-sensitive-data
	tacacs-server host 10.0.0.10 encrypted-key "6T8PEZYO7uz4gIaWdWUg23gEZAjO33D21I6V2KOTECk="
	tacacs-server encrypted-key "SV4/HLQCyOUoEspTiIEhsKPW21e6zfMDkJ1mdG8CrQc="
	snmp-server community "public" unrestricted
	oobm
	   ip address dhcp-bootp
	   exit
	vlan 1
	   name "DEFAULT_VLAN"
	   untagged A1-A24,F1-F24
	   ip address dhcp-bootp
	   exit

switch(config)#show tacacs

 Status and Counters - TACACS Information

  Deadtime(min) : 0
  Timeout : 5
  Source IP Selection : Outgoing Interface
  Encryption Key : gJ5AeXfDFHJqjOOgOaa+NAmzneHDqs/aMqQuWsW01Qs=


  Server IP Addr  Opens  Closes Aborts Errors Pkts Rx Pkts Tx OOBM
  --------------- ------ ------ ------ ------ ------- ------- ----
  10.0.0.10       0      0      0      0      0       0       No
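
The caution text warns that encrypt-credentials may break existing user scripts, and the outputs above show the TACACS+ key changing from "key" to "encrypted-key" while the SNMP community string is still printed as-is. The following is an added example, not part of the original documentation: a Python audit of a saved config that accepts both key forms and reports which credential lines are stored encrypted. The name audit_config, the sample configs and the placeholder key values are constructed, and the plaintext form of the saved TACACS+ key is an assumption.

```python
import re

# (label, pattern, stored_encrypted) for the statement forms shown on this page.
RULES = [
    ("tacacs key", re.compile(
        r'^tacacs-server(?: host (?P<host>\S+))? encrypted-key\s+"?[^"\s]+'), True),
    ("tacacs key", re.compile(
        r'^tacacs-server(?: host (?P<host>\S+))? key\s+"?[^"\s]+'), False),
    # The running-config output above still prints the community string as-is.
    ("snmp community", re.compile(r'^snmp-server community\s+"?[^"\s]+'), False),
]

def audit_config(text):
    """Report the encrypt-credentials state and where each credential line sits."""
    report = {"encrypt_credentials": False, "encrypted": [], "plaintext": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line == "encrypt-credentials":
            report["encrypt_credentials"] = True
            continue
        for label, pattern, encrypted in RULES:
            m = pattern.match(line)
            if m:
                scope = m.groupdict().get("host") or "global"
                # Record the location only, never the secret itself.
                bucket = "encrypted" if encrypted else "plaintext"
                report[bucket].append((lineno, label, scope))
                break
    return report

# Constructed samples modelled on the outputs above; key values are placeholders.
ENCRYPTED_CONFIG = """\
hostname "Switch-5406Rzl2"
encrypt-credentials
hide-sensitive-data
tacacs-server host 10.0.0.10 encrypted-key "PLACEHOLDERhostKEYvalue000000000000000000A="
tacacs-server encrypted-key "PLACEHOLDERglobalKEYvalue0000000000000000B="
snmp-server community "public" unrestricted
"""
# Assumption: a pre-encryption config stores the key in the form it was typed.
LEGACY_CONFIG = """\
hostname "Switch-5406Rzl2"
tacacs-server key procurve
snmp-server community "public" unrestricted
"""

if __name__ == "__main__":
    for name, cfg in (("encrypted", ENCRYPTED_CONFIG), ("legacy", LEGACY_CONFIG)):
        print(name, audit_config(cfg))
```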