TACACS+ passkey encryption #13846
Labels
Comments
|
This is a new feature request, There is no one working on this currently. |
|
@judyjoseph...I can help with the implementation. I have already done it for our customers. |
|
It seems like there has been quite a bit of work on this issue: TACACS+ Passkey Encryption The work seems to have stalled out. Can we push to get this reviewed/revised/merged? I came across the same issue for RADIUS, having a common solution would be helpful. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Configured TACACS+ passkey needs to be encrypted in running-config / config_db.json file for better security. Additionally, configured passkey should not be visible in the show output.
Steps to reproduce the issue:
Describe the results you received:
root@LEAF01:
# config tacacs passkey TEST# show run all | grep passkeyroot@LEAF01:
"passkey": "TEST" ----> [Visible in plain text format]
root@LEAF01:~# show tacacs
TACPLUS global auth_type pap (default)
TACPLUS global timeout 5 (default)
TACPLUS global passkey TEST. ----> [Visible in plain text format]
Describe the results you expected:
root@sonic:
# config tacacs passkey TEST# show run all | grep passkeyroot@sonic:
"passkey": "U2FsdGVkX1+59Ovn/BuZO8+v39F1FTIdl53aD3o9koo="
root@sonic:~# show tacacs
TACPLUS global auth_type pap (default)
TACPLUS global timeout 5 (default)
TACPLUS global passkey configured Yes
Output of
show version:admin@LEAF01:~$ show ver
SONiC Software Version: SONiC.202205.216163-e6fde1d9e
Distribution: Debian 11.6
Kernel: 5.10.0-18-2-amd64
Build commit: e6fde1d
Build date: Fri Feb 10 12:26:35 UTC 2023
Built by: AzDevOps@vmss-soni000GQU
Platform: x86_64-mlnx_msn2100-r0
HwSKU: ACS-MSN2100
ASIC: mellanox
ASIC Count: 1
Serial Number: MT1950X05002
Model Number: MSN2100-CB2FO
Hardware Revision: A2
Uptime: 20:20:06 up 16:20, 1 user, load average: 0.31, 0.30, 0.33
Date: Thu 16 Feb 2023 20:20:06
Docker images:
REPOSITORY TAG IMAGE ID SIZE
docker-syncd-mlnx 202205.216163-e6fde1d9e c795f76e1d73 903MB
docker-syncd-mlnx latest c795f76e1d73 903MB
docker-orchagent 202205.216163-e6fde1d9e d701431f2f00 519MB
docker-orchagent latest d701431f2f00 519MB
docker-fpm-frr 202205.216163-e6fde1d9e 3f86ce97f9ff 529MB
docker-fpm-frr latest 3f86ce97f9ff 529MB
docker-teamd 202205.216163-e6fde1d9e 96256f409620 500MB
docker-teamd latest 96256f409620 500MB
docker-macsec latest f3aad9927376 502MB
docker-platform-monitor 202205.216163-e6fde1d9e 1581c9b624da 908MB
docker-platform-monitor latest 1581c9b624da 908MB
docker-dhcp-relay latest 2afb5d283578 494MB
docker-sonic-telemetry 202205.216163-e6fde1d9e 9665adfde797 564MB
docker-sonic-telemetry latest 9665adfde797 564MB
docker-snmp 202205.216163-e6fde1d9e 29adf6411126 529MB
docker-snmp latest 29adf6411126 529MB
docker-lldp 202205.216163-e6fde1d9e ee0968fa56fa 526MB
docker-lldp latest ee0968fa56fa 526MB
docker-mux 202205.216163-e6fde1d9e 2f49afed8640 533MB
docker-mux latest 2f49afed8640 533MB
docker-database 202205.216163-e6fde1d9e 45d7b04cbdd2 484MB
docker-database latest 45d7b04cbdd2 484MB
docker-router-advertiser 202205.216163-e6fde1d9e 6c257b7bdd0b 484MB
docker-router-advertiser latest 6c257b7bdd0b 484MB
docker-nat 202205.216163-e6fde1d9e 3f50ea8cf328 471MB
docker-nat latest 3f50ea8cf328 471MB
docker-sflow 202205.216163-e6fde1d9e 2ddb73d297eb 469MB
docker-sflow latest 2ddb73d297eb 469MB
docker-sonic-mgmt-framework 202205.216163-e6fde1d9e 280c6d3efeae 598MB
docker-sonic-mgmt-framework latest 280c6d3efeae 598MB(paste your output here)
The text was updated successfully, but these errors were encountered: