Network Management

 View Only

  • 1.  IMC template for encrypting credentials on Procurve switches

    Posted Jun 15, 2016 03:01 AM
      |   view attached

    I am trying to use IMC to push configuration for encrypting credentials to all our Procurve switches. I have created a configuration template shown in the attachment and have made sure that all our switch models have been selected as applicable devices. When I deploy this template to a couple of test switches (2530 model) the deployment task shows succeeded as status, but when I logon to the switches with SSH and check the config, all credentials are still listed unencrypted. What am I doing wrong?



  • 2.  RE: IMC template for encrypting credentials on Procurve switches

    Posted Jun 15, 2016 01:57 PM

    The "Response Prompt" is "what should the CLI prompt show after the command is executed?". It is not the response that you type in (Y in this case).

    I don't have access to one of those devices right now. Does it offer any additional parameters for encrypt-credentials that will let it run the command without needing you to enter 'y'?



  • 3.  RE: IMC template for encrypting credentials on Procurve switches

    Posted Jun 15, 2016 02:08 PM

    This is the output from W.15.14.0013 on a 2910al

    sw-test-01(config)# encrypt-credentials
    pre-shared-key Set key for encrypting credentials in configuration.
    <cr>

    sw-test-01(config)# encrypt-credentials pre-shared-key
    hex Set key as 64 hexadecimal character string (32 bytes).
    plaintext Set key using a plaintext string (passphrase).

    sw-test-01(config)# encrypt-credentials

    **** CAUTION ****

    This will encrypt all passwords and authentication keys.

    The encrypted credentials will not be understood by older software versions.
    The resulting config file cannot be used by older software versions.
    It also may break some of your existing user scripts.

    Before proceeding, please save a copy of your current config file, and
    associate the current config file with the older software version saved in
    flash memory. See "Best Practices for Software Updates" in the Release Notes.

    A config file with 'encrypt-credentials' may prevent previous software
    versions from booting. It may be necessary to reset the switch to factory
    defaults. To prevent this, remove the encrypt-credentials command or use
    an older config file.

    Save config and continue (y/n)?



  • 4.  RE: IMC template for encrypting credentials on Procurve switches

    Posted Jun 16, 2016 05:41 AM

    I haven't found any options to force the "encrypt-credentials" command to run without confirmation. How would I create a config template in IMC in such a case where Y is needed as a response?



Related Content