Disabling the master passphrase – Cisco ASA 5505 User Manual

10-9

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 10 Configuring Basic Settings

Configuring the Master Passphrase

Examples

In the following configuration example, no previous key is present:

hostname (config)# key config-key password-encryption 12345678

In the following configuration example, a key already exists:

Hostname (config)# key config-key password-encryption 23456789

Old key: 12345678

hostname (config)#

In the following configuration example, you want to key in interactively, but a key already exists. The
Old key, New key, and Confirm key prompts will appear on your screen if you enter the key config-key
password-encryption command and press Enter to access interactive mode.

hostname (config)# key config-key password-encryption

Old key: 12345678

New key: 23456789

Confirm key: 23456789

In the following example, you want to key in interactively, but no key is present. The New key and
Confirm key prompts will appear on your screen if you are in interactive mode.

hostname (config)# key config-key password-encryption

New key: 12345678

Confirm key: 12345678

Disabling the Master Passphrase

Disabling the master passphrase reverts encrypted passwords into plain text passwords. Removing the
passphrase might be useful if you downgrade to a previous software version that does not support
encrypted passwords.

Prerequisites

•

You must know the current master passphrase to disable it. If you do not know the passphrase, see
the

“Recovering the Master Passphrase” section on page 10-10

.

•

This procedure will only be accepted in a secure session, that is, by Telnet, SSH, or ASDM via
HTTPS.