IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

IMC template for encrypting credentials on Procurve switches

 
TerjeAFK
Respected Contributor

IMC template for encrypting credentials on Procurve switches

I am trying to use IMC to push configuration for encrypting credentials to all our Procurve switches. I have created a configuration template shown in the attachment and have made sure that all our switch models have been selected as applicable devices. When I deploy this template to a couple of test switches (2530 model) the deployment task shows succeeded as status, but when I logon to the switches with SSH and check the config, all credentials are still listed unencrypted. What am I doing wrong?

3 REPLIES
LindsayHill
Honored Contributor

Re: IMC template for encrypting credentials on Procurve switches

The "Response Prompt" is "what should the CLI prompt show after the command is executed?". It is not the response that you type in (Y in this case).

I don't have access to one of those devices right now. Does it offer any additional parameters for encrypt-credentials that will let it run the command without needing you to enter 'y'?

NeilR
Respected Contributor

Re: IMC template for encrypting credentials on Procurve switches

This is the output from W.15.14.0013 on a 2910al

sw-test-01(config)# encrypt-credentials
pre-shared-key Set key for encrypting credentials in configuration.
<cr>

sw-test-01(config)# encrypt-credentials pre-shared-key
hex Set key as 64 hexadecimal character string (32 bytes).
plaintext Set key using a plaintext string (passphrase).

sw-test-01(config)# encrypt-credentials

**** CAUTION ****

This will encrypt all passwords and authentication keys.

The encrypted credentials will not be understood by older software versions.
The resulting config file cannot be used by older software versions.
It also may break some of your existing user scripts.

Before proceeding, please save a copy of your current config file, and
associate the current config file with the older software version saved in
flash memory. See "Best Practices for Software Updates" in the Release Notes.

A config file with 'encrypt-credentials' may prevent previous software
versions from booting. It may be necessary to reset the switch to factory
defaults. To prevent this, remove the encrypt-credentials command or use
an older config file.

Save config and continue (y/n)?

TerjeAFK
Respected Contributor

Re: IMC template for encrypting credentials on Procurve switches

I haven't found any options to force the "encrypt-credentials" command to run without confirmation. How would I create a config template in IMC in such a case where Y is needed as a response?