From: Chris Butler (butlerc@xxxxxxxxxxxxxx)
Date: Thu Aug 29 2002 - 03:01:35 GMT-3
The enable secret is not crackable to my knowledge.
You could set up a captured shell use the menu commands. You can allow
them to display the configuration, but they can't do much else, other than
what you specifically allow. "NOTE: Don't forget your exit menu option,
or you will be trapped in Menu land."
We have a similar issue with security wanting to see our configs. They
can crack the first level password xxxxx 7, but they cannot crack the
enable secret password.
You could implement TACACS+ AAA with a shell access list to provide more
granular control. It is a much cleaner, and safer solution. Plus your
session is encrypted. Telnet is a clear text protocol, and passwords can
be sniffed.
.02.
CHris
> I have a remote location that is needing read only access to my router.
> I know you can decrypt the encrypted password in the show run and I
> want to eliminate the possibility of them doing that. What is the best
> way to accomplish this?
>
>
>
>
>
>
>
>
>
>
> ************************
> Jeremy Wright
> Network Analyst
> Archer Daniels Midland
> ja_wright@admworld.com
> (217)451-4063
>
> ************************
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:41 GMT-3