removing enable secret password - cisco
I hope this is not a stupid question...

I like how Rancid removes the encrypted passwords from the config, however
if "enable secret" is used, the encrypted password is not removed.

For a quick fix I modified line 880 of rancid(2.2b5).
from: /^(enable )?(password|passwd) / &&
to: /^(enable )?(password|passwd|secret) / &&

Am I overlooking a reason that the "enable secret" password should not be
removed from the configs?

If not can the enable secret password be removed in future versions of
rancid?

Thanks,
Joe
removing enable secret password - cisco
Thu, Oct 25, 2001 at 09:48:06AM -0700, Rizzo, Joe:
> I hope this is not a stupid question...
>
> I like how Rancid removes the encrypted passwords from the config, however
> if "enable secret" is used, the encrypted password is not removed.
>
> For a quick fix I modified line 880 of rancid(2.2b5).
> from: /^(enable )?(password|passwd) / &&
> to: /^(enable )?(password|passwd|secret) / &&
>
> Am I overlooking a reason that the "enable secret" password should not be
> removed from the configs?

it is not a reversible format, hence we did not see the need to remove it.
a brute force method can be applied (there was one done in ~97 w/ N machines
that took months).

> If not can the enable secret password be removed in future versions of
> rancid?

an option could be provided. say PASSWORDS=(YES | PARANOID)
filtering just reversible or all. if folks want or think that would be useful.
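
A sketch of the two-level filter suggested in the reply above, as an added example that is not part of the thread and is not rancid's own code. The mode names follow the proposed PASSWORDS=(YES | PARANOID); the helper names, the `<removed>` marker and the sample config (placeholder values only) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The pattern quoted in the thread, split by whether the stored form is
# reversible. The union of the two is the poster's modified regex
# /^(enable )?(password|passwd|secret) /.
my $REVERSIBLE = qr/^((?:enable )?(?:password|passwd)) /;
my $ONE_WAY    = qr/^((?:enable )?secret) /;

# Hypothetical helper. $mode is 'YES' (strip reversible forms only) or
# 'PARANOID' (strip the one-way "secret" hash as well).
sub filter_line {
    my ($line, $mode) = @_;
    return "!$1 <removed>" if $line =~ $REVERSIBLE;
    return "!$1 <removed>" if $mode eq 'PARANOID' && $line =~ $ONE_WAY;
    return $line;
}

# Apply the per-line filter to a whole configuration.
sub filter_config {
    my ($text, $mode) = @_;
    return join "\n", map { filter_line($_, $mode) } split /\n/, $text;
}

# Constructed sample; the credential fields are placeholders, not real values.
my $sample = <<'END';
hostname lab-rtr1
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
enable password 7 00PLACEHOLDER
interface Loopback0
END

# Show both modes side by side: only PARANOID touches "enable secret".
for my $mode (qw(YES PARANOID)) {
    print "--- PASSWORDS=$mode ---\n", filter_config($sample, $mode), "\n";
}
```

Because the quoted pattern is anchored with `^`, this sketch only covers lines that begin with `enable`, `password`, `passwd` or `secret`.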