HPE Community
Aruba & ProVision-based
1755229 Members
4886 Online
108831 Solutions
New Discussion

Re: How to encrypt radius shared secret?

 
Packet-Ghost
Occasional Advisor

‎11-09-2012 02:52 AM

‎11-09-2012 02:52 AM

How to encrypt radius shared secret?

Hi,

 

I'm trying to figure out how to enter the radius shared secret in encrypted format either globaly or on the radius-server entry.

 

Usually I would enter:

radius-server host 10.0.0.100 key MySecret

 

The problem with this is that the key is visible in clear text when you do a "sh run" command. Is there any way to encrypt this so that it is not in clear text?

 

I'm looking at the doc's, and it says something about "encrypted-key" but I'm not able to actually figure it out.

 

We're running 5406zl's with ver. K.15.09.0004

 

Thanks,

 

K.

0 Kudos
4 REPLIES 4
Michael_Breuer
Esteemed Contributor

‎11-23-2012 05:00 AM

‎11-23-2012 05:00 AM

Re: How to encrypt radius shared secret?

Hello,

 

in your sofware version you can use the command:

 

HP5406(config)# encrypt-credentials

 

This command will encrypt all passwords and authentication keys including RADIUS keys.

 

Hope this will help you.

 

Best regards,

 

Michael

Ingentive Networks GmbH

http://www.ingentive.net

 

Ingentive Networks GmbH
0 Kudos
Diesel315
Occasional Visitor

‎12-24-2012 02:56 AM

‎12-24-2012 02:56 AM

Re: How to encrypt radius shared secret?

Hello everybody.

Bring up the subject. Prescribed command encrypt-credentials. Everything is great, but if you type the command show radius, then again, one can see this pre-shared key.

 

Any idea how to encrypt and there?

0 Kudos
lagp
Occasional Advisor

‎02-23-2013 10:29 AM

‎02-23-2013 10:29 AM

Re: How to encrypt radius shared secret?

I also noticed after adding the encrypted-credentials command to my HP 2910-al now running 15.08 still displays the radius key in clear text when I execute the command show radius.  I see the password is encrypted when viewing the running configuration.  Could not find any references in the guide "Access Security Guide W15.07" or in the following link

http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf covering encrypting radius key.  May call HP and see what they have to say.

0 Kudos
Chrisd131313
Trusted Contributor

‎02-25-2013 01:02 AM

‎02-25-2013 01:02 AM

Re: How to encrypt radius shared secret?

Show Radius and Show run are only available to users with elevated privileges (enable). If you want certain users that have evelvated privileges not to see the radius key then you can restrict their access to certain commands. i.e show radius.

 

That will then allow you to control who can access this command but will still have elevated privileges to perform all other operations...

 

"Commands Authorization" can be found in the Access Security Guide documentation under section 6. RADIUS Authentication, Authorization and Accounting.

 

Hope this helps if you don'tget anywhere with HP.

 

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.