what command will prevent all unencrypted passwords from displaying in plain text in a configuration file?
The command you’re looking for is:
(config)# service password-encryption
Quick Scoop
On Cisco IOS devices, running service password-encryption tells the device
to encrypt all currently configured, plain-text passwords in the running
configuration. This includes things like console, VTY, and line passwords so
they no longer appear in clear text when you do a show running-config.
Think of it as flipping a switch: all those readable passwords get converted into type 7–style encrypted strings, which are at least not human-readable at a glance. It’s not strong cryptography by modern standards, but it does prevent casual viewing in plain text, which is exactly what the question is asking.
Why this specific command?
- Other options like
enable secret Secret_Passwordorenable secret Encrypted_Passwordonly protect the enable password, not all passwords in the config.
service password-encryptionapplies to all unencrypted line passwords already configured on the device.
- This is a classic CCNA / networking exam-style question, and the officially accepted correct answer is always
service password-encryption.
Mini example
-
You configure a console password:
line console 0
password cisco123
login -
Before encryption,
show running-configwill showpassword cisco123in plain text.
-
After you run:
config terminal
service password-encryption -
That same section will now show a scrambled, non-plain-text value instead of
cisco123.
Final exam-style answer:
(config)# service password-encryption
Note: Information gathered from public forums or data available on the internet and portrayed here.