1300 11 77 16 support@ramtech.net.au

OK. Admit it. How often do you need to recover a type 7 password quickly? about once a month for me (he said embarrassed). 😐

there are a few site that let you do it from a page but what if you don’t have easy access to the Web? Well, help is at hand. Here’s how to do it from right there in the IOS…

Let’s assume it’s something basic like your ISP password, but any password stored insecurely on the router with type 7 encryption is a candidate

interface Dialer3
 ppp chap password 7 094D4D1B1815070B1B0D17393C2B3A37
  1. Create a temporary Key Chain
  2. Add a Key to the chain
  3. Add a type 7 key-string to the key
  4. Show the chain to reveal the un-encrypted string
  5. Remove the Key Chain so as not to clutter your config with rubbish.
Router1(config)#key chain temp

Router1(config-keychain)#key 1

Router1(config-keychain-key)#key-string 7 094D4D1B1815070B1B0D17393C2B3A37
Router1(config)#do sh key chain temp
Key-chain temp:
    key 1 -- text "acrappypassword"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
Router1(config)#no key chain temp
Router1(config)#

And there you have it! Proof that passwords stored with type 7 encryption in the config really are crappy. 🙂