John Baker <[EMAIL PROTECTED]> writes:

>  I'm certain was using the right command. The number 7 in the line tells 
> the router that a hidden key will follow.
> coltrane(config)#radius-server key ?
>   0     Specifies an UNENCRYPTED key will follow
>   7     Specifies HIDDEN key will follow
>   LINE  The UNENCRYPTED (cleartext) shared key
> Now at this point I actually got it to work. It turned out that in 
> trying to copy the extremely long number from the old config there was 
> an error.
> But I still don't know exactly what it is doing so I'm hoping somebody 
> can explain because I may want to change the key at some point.
> On the router end the key is configured with radius-server key 7 
> "54-character-key"
> On the radius server in clients.conf this client's secret = 
> "totally-different-26-character-key"
> Initially I thought that one side or the other would be like /etc/shadow 
> passwords or the garbled string you see looking at a enable secret 
> password in the cisco conf. That would account for them appearing 
> totally different. But just copying the old configuration straight works 
> so I guess not.

The Cisco type 7 "encryption" is just a local obfuscation of the
password to avoid accidental reading-over-the-shoulder. It is
"decrypted" by the router before it is used, so in fact both ends have
access to the same clear text password.

Please read if you think
this provides any security of any sort.


List info/subscribe/unsubscribe? See

Reply via email to