Allows you to encrypt all passwords on your router so they can not be easily guessed from your running-config.
This command uses a very weak encryption because the router has to be very quickly decode the passwords for its operation.
It is meant to prevent someone from looking over your shoulder and seeing the password, that is all.
In the below example we will set a password for telnet then we will encrypt it.
R2(config)#line vty 0 4 R2(config-line)#password cisco R2(config-line)#do sh run | sec vty line vty 0 4 password cisco login transport input telnet ssh
Now we will encrypt the password with service password-encryption
R2(config)#service password-encryption R2(config)#do sh run | sec vty line vty 0 4 password 7 060506324F41 login transport input telnet ssh
To illustrate how easy it is to decode the password, we will make a key chain like you would to authenticate RIP
R2(config)#key chain CRACK_ENCRYPTION R2(config-keychain)#key 1 R2(config-keychain-key)#key-string 7 060506324F41 R2#show key chain Key-chain CRACK_ENCRYPTION: key 1 — text “cisco” accept lifetime (always valid) – (always valid) [valid now] send lifetime (always valid) – (always valid) [valid now] R2#