Recovering the master passphrase – Cisco ASA 5505 User Manual

10-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 10 Configuring Basic Settings

Configuring the Master Passphrase

Detailed Steps

Recovering the Master Passphrase

You cannot recover the master passphrase.

If the master passphrase is lost or unknown, you can remove it using the write erase command followed
by the reload command. These commands remove the master key and the configuration that includes the
encrypted passwords.

Command

Purpose

Step 1

no key config-key password-encryption

[old_passphrase]]

Example:

hostname(config)# no key config-key

password-encryption

Warning! You have chosen to revert the

encrypted passwords to plain text. This

operation will expose passwords in the

configuration and therefore exercise caution

while viewing, storing, and copying

configuration.

Old key: bumblebee

Removes the master passphrase.

If you do not enter the passphrase in the command, you are
prompted for it.

Step 2

write memory

Example:

hostname(config)# write memory

Saves the run time value of the master passphrase and the
resulting configuration. The non-volatile memory containing
the passphrase will be erased and overwritten with the 0xFF
pattern.

In multiple mode the master passphrase is changed in the
system context configuration. As a result the passwords in all
contexts will be affected. If the write memory command is not
entered in the system context mode, but not in all user contexts,
then the encrypted passwords in user contexts may be stale.
Alternatively, use the write memory all command in the
system context to save all configurations.