Archive

Archive for the ‘IINS’ Category

How to view an encrypted pre-shared key in clear-text on a Cisco ASA

September 14th, 2012 No comments

If you ever have the need to recovered a pre-shared key from a Cisco ASA it is not as simple as it is on a router. Sadly simply issuing the show run command only presents you with a line of *****.

ASA_Firewall# show running-config

!– Output Omited

tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 general-attributes
default-group-policy GroupPolicy_10.1.1.1
tunnel-groupĀ 10.1.1.1 ipsec-attributes
ikev1 pre-shared-key *****
!

!– Output Omited

Fortunately there is an easy way around this albeit not a extremely obvious one. To show the clear-text version of the pre-shared key simply issue the more system:running-config command and scroll down to the location of the key in your config and voila, unencrypted pre-shared key.

ASA_Firewall# more system:running-config

!– Output Omited

tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 general-attributes
default-group-policy GroupPolicy_10.1.1.1
tunnel-group 10.1.1.1 ipsec-attributes
ikev1 pre-shared-key MySecretKey
!

!– Output Omited

Categories: Cisco, IINS Tags:

Configuring SSH on your Cisco Router

October 10th, 2011 No comments

Here are the basic steps to configure SSH on your Cisco Router including a few optional steps.

Router>enable
Password:
Router#conf t
Router(config)#hostname Rt1Lab
Rt1Lab(config)#ip domain-name lab.local
Rt1Lab(config)#crypto key generate rsa
The name for the keys will be: Rt1Lab.lab.local
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
Rt1Lab(config)#ip ssh authentication-retries 3 (optional, sets the number of bad login retries before disconnection)
Rt1Lab(config)#ip ssh time-out 60 (optional, sets the negotiation time in seconds which includes the time you have to enter the username and password at the login prompt before you get disconnected)
Rt1Lab(config)#username fred password cisco
Rt1Lab(config)#line vty 0 4
Rt1Lab(config-line)#transport input ssh
Rt1Lab(config-line)#login local
Rt1Lab(config-line)#exec-timeout 30 (optional, sets the idle time before disconnect from the VTY lines)
Rt1Lab(config-line)#end

Categories: CCNA Security, Cisco, IINS Tags: