10-9
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 10 Configuring Basic Settings
Configuring the Master Passphrase
Examples
In the following configuration example, no previous key is present:
hostname(config)# key config-key password-encryption 12345678
In the following configuration example, a key already exists:
hostname(config)# key config-key password-encryption 23456789
Old key: 12345678
hostname(config)#
In the following configuration example, you want to enter the key interactively, but a key already exists.
The Old key, New key, and Confirm key prompts appear on your screen if you enter the key config-key
password-encryption command and press Enter to access interactive mode.
hostname(config)# key config-key password-encryption
Old key: 12345678
New key: 23456789
Confirm key: 23456789
In the following example, you want to enter the key interactively, but no key is present. The New key and
Confirm key prompts appear on your screen if you are in interactive mode.
hostname(config)# key config-key password-encryption
New key: 12345678
Confirm key: 12345678
Disabling the Master Passphrase
Disabling the master passphrase reverts encrypted passwords into plain text passwords. Removing the
passphrase might be useful if you downgrade to a previous software version that does not support
encrypted passwords.
Prerequisites
You must know the current master passphrase to disable it. If you do not know the passphrase, see
the “Recovering the Master Passphrase” section on page 10-10.
This procedure will only be accepted in a secure session, that is, by Telnet, SSH, or ASDM via
HTTPS.