You want to encrypt passwords so that they do not appear in plain text in the router configuration file.
To enable password encryption on a router, use the service password-encryption configuration command:
configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router1(config)#
line vty 0
line con 0Router1(config-line)#
line aux 0Router1(config-line)#
This command uses a weak, reversible encryption method to encipher VTY and enable passwords. Please see Recipe 3.5 for more details.
By default, the router stores all passwords in clear text and presents them in a human-readable format when you look at the router’s configuration. The service password-encryption command encrypts the passwords by using the Vigenere encryption algorithm. Unfortunately, the Vigenere encryption method is cryptographically weak and trivial to reverse, as we will illustrate in Recipe 3.5.
However, this functionality is still quite useful to prevent nosy neighbors from viewing passwords over your shoulder. As such, encrypting your passwords is still highly recommended in spite of the known weaknesses. You should be aware of the inherent weaknesses of this encryption scheme when ...