1-11
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Basic Settings
Configuring the Master Passphrase
To disable the master passphrase, perform the following steps:
Detailed Steps
Recovering the Master Passphrase
You cannot recover the master passphrase. If the master passphrase is lost or unknown, you can remove
it.
To remove the master passphrase, perform the following steps:
Command Purpose
Step 1
no key config-key password-encryption
[old_passphrase]]
Example:
hostname(config)# no key config-key
password-encryption
Warning! You have chosen to revert the
encrypted passwords to plain text. This
operation will expose passwords in the
configuration and therefore exercise caution
while viewing, storing, and copying
configuration.
Old key: bumblebee
Removes the master passphrase.
If you do not enter the passphrase in the command, you are
prompted for it.
Step 2
write memory
Example:
hostname(config)# write memory
Saves the runtime value of the master passphrase and the
resulting configuration. The non-volatile memory containing
the passphrase will be erased and overwritten with the 0xFF
pattern.
In multiple mode, the master passphrase is changed in the
system context configuration. As a result, the passwords in all
contexts will be affected. If the write memory command is not
entered in the system context mode, but not in all user contexts,
then the encrypted passwords in user contexts may be stale.
Alternatively, use the write memory all command in the
system context to save all configurations.
Command Purpose
Step 1
write erase
Example:
hostname(config)# write erase
Removes the master key and the configuration that includes the
encrypted passwords.
Step 2
reload
Example:
hostname(config)# reload
Reloads the ASA with the startup configuration, without any
master key or encrypted passwords.
To Next Page
Loading...
Need help?
General
