Service Password-Encryption Command on CISCO Router/Switch

Command

Service Password-Encryption

Use

Allows you to encrypt all passwords on your router so they cannot be easily read from your running-config.
This command uses very weak encryption because the router has to be able to decode the passwords very quickly for its operation.
It is meant to prevent someone from looking over your shoulder and seeing the password, that is all.

Syntax

R2(config)#service password-encryption

Example

In the example below, we will set a password for telnet and then encrypt it.

R2(config)#line vty 0 4
R2(config-line)#password cisco

R2(config-line)#do sh run | sec vty
line vty 0 4
password cisco
login
transport input telnet ssh

Now we will encrypt the password with service password-encryption:

R2(config)#service password-encryption
R2(config)#do sh run | sec vty
line vty 0 4
password 7 060506324F41
login
transport input telnet ssh

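To illustrate how easy it is to decode the password, we will make a key chain like you would to authenticate RIP and enter the encrypted string as its key-string. The show key chain output then displays the key in clear text.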

R2(config)#key chain CRACK_ENCRYPTION
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string 7 060506324F41

R2#show key chain
Key-chain CRACK_ENCRYPTION:
key 1 -- text "cisco"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
R2#
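
The same weakness can be checked offline when reviewing saved configurations. The following is an added example, not part of the original article: a small Python audit that finds type 7 entries in a config file and shows that each one is reversible. The function names and the sample config are constructed for illustration, and the XOR table is the widely published type 7 constant.

```python
import re

# Fixed XOR table used by IOS type 7 obfuscation (widely published constant).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches config lines such as "password 7 060506324F41" or "key-string 7 ...".
TYPE7_RE = re.compile(r"\b(password|key-string)\s+7\s+([0-9A-Fa-f]+)\s*$")


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: 2 decimal offset digits, then hex bytes XORed with XLAT."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a well-formed type 7 string")
    offset = int(encoded[:2])          # starting index into XLAT
    data = bytes.fromhex(encoded[2:])  # obfuscated password bytes
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")


def audit_config(text: str):
    """Return (line_number, stripped_line, recovered_password) for each type 7 entry."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        match = TYPE7_RE.search(line)
        if not match:
            continue
        try:
            findings.append((num, line.strip(), decode_type7(match.group(2))))
        except ValueError:
            findings.append((num, line.strip(), None))  # malformed, review by hand
    return findings


# Constructed sample: the vty section shown above plus a constructed hostname line.
SAMPLE_CONFIG = """\
hostname R2
service password-encryption
line vty 0 4
 password 7 060506324F41
 login
 transport input telnet ssh
"""

if __name__ == "__main__":
    for num, line, plain in audit_config(SAMPLE_CONFIG):
        print(f"line {num}: '{line}' is reversible -> {plain!r}")
```

Any line this audit reports should be treated as a clear-text password when deciding who may see the configuration or its backups.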
