Cisco ASA – How to View pre-shared keys in plain text

As engineers, we don’t always document things as well as we should, or someone we work with is always “too busy” to document their work. This little trick shows how to recover pre-shared keys on a Cisco PIX or ASA firewall.

Normally, you use the ‘show run’ command to view the running configuration. In that output, pre-shared keys are masked with an asterisk (*). To view the passwords unencrypted, type ‘more system:running-config’. This displays the full configuration with unencrypted passwords.

Too bad, actually, that the pre-shared key of a Cisco VPN Client doesn’t show up in the latest ASA software version 8.2.2. The pre-shared keys of the VPN tunnels are shown.
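Because output captured with ‘more system:running-config’ carries the keys in clear text, a saved copy should be checked and masked before it is stored or shared. The following is an added example, not part of the original post: the sample configuration is constructed, the function name is hypothetical, and the `ikev1`/`ikev2` prefixed key lines are the syntax of later ASA releases than the 8.2.2 mentioned above.

```python
import re

# Pre-shared-key line inside a tunnel-group ipsec-attributes block, with or
# without the ikev1/ikev2 prefix used by later ASA releases.
PSK_LINE = re.compile(
    r"^(?P<head>\s*(?:ikev1 |ikev2 (?:local|remote)-authentication )?"
    r"pre-shared-key )(?P<key>\S+)\s*$")
TUNNEL_GROUP = re.compile(r"^tunnel-group (?P<name>\S+) ipsec-attributes\s*$")
MASKED = re.compile(r"^\*+$")  # what 'show run' prints in place of the key

# Constructed sample of a saved configuration (all names and keys are made up).
SAMPLE = """\
hostname asa-lab
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key Constructed-Example-Key
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group REMOTE-USERS ipsec-attributes
 ikev1 pre-shared-key Another-Constructed-Key
"""


def audit_and_redact(config_text):
    """Return (findings, redacted_text) for a saved ASA configuration.

    findings lists (line_number, tunnel_group) for each pre-shared key stored
    in clear text; redacted_text has those keys replaced by *****.
    """
    findings, out, group = [], [], None
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line and not line[0].isspace():
            # A non-indented line is a new top-level command, so any
            # previous tunnel-group block has ended.
            m = TUNNEL_GROUP.match(line)
            group = m.group("name") if m else None
        m = PSK_LINE.match(line)
        if m and not MASKED.match(m.group("key")):
            findings.append((number, group))
            line = m.group("head") + "*****"
        out.append(line)
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    found, _ = audit_and_redact(SAMPLE)
    for number, group in found:
        print(f"line {number}: clear-text pre-shared key in tunnel-group {group}")
```
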

13 thoughts on “Cisco ASA – How to View pre-shared keys in plain text”

  1. This is an old post, but you can also write the config to TFTP and the saved config file will show the PSK as well.

  2. In the context, how do I see the pre-shared key?
    The command more system:running-config is not present in the context but is present in system.

    • If you do “more system:running-config”, all encrypted passwords (except the ones of the users and the encrypted secret password) are shown in the configuration file.
      The pre-shared key is normally shown as ***** in show running-config.

    • To view the complete config of a context (including PSKs) you have to be in the system context (“changeto context system” if you’re not already there) and do a “more disk0:/.cfg”. For instance, to view the whole admin context config the command would be “more disk0:/admin.cfg”.
