Viewing or Recovering Pre-Shared Keys (PSK) in plain text on a Cisco ASA

About 4 months ago I began taking a deep dive into Cisco Networking from my new job. Since then, I have obtained my Cisco Certified Systems Engineer certification. The first of many planned Cisco certifications for me. It’s been a ton of fun, but I’m always learning new commands to use on these devices. I’ll try to share the most useful non-common ones for you.

One command that has been extremely helpful when setting up and troubleshooting VPNs is ‘more system:running-config’.

You probably already know that simply using the ‘show run’ command will display the PSK with asterisks (****). Running the ‘more system:running-config’ command will display the running configuration with unencrypted passwords, including the PSK. If the PSK wasn’t documented or you just need to verify it, this can prove very useful!
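Output captured from ‘more system:running-config’ carries the keys in clear text, so a saved copy is worth checking before it goes into a ticket or a backup share. The Python below is an added example, not part of the original post: it flags pre-shared-key lines that are not masked with asterisks and redacts them; the function name, sample configuration, peer addresses and key values are constructed for illustration.

```python
import re

# Pre-shared-key forms found under an ASA tunnel-group:
#   [ikev1] pre-shared-key <key>
#   ikev2 remote-authentication|local-authentication pre-shared-key <key>
PSK_LINE = re.compile(
    r"^(?P<prefix>\s*(?:ikev1\s+|ikev2\s+(?:remote|local)-authentication\s+)?"
    r"pre-shared-key\s+)(?P<key>\S.*?)\s*$"
)
TUNNEL_GROUP = re.compile(r"^tunnel-group\s+(?P<name>\S+)\s+ipsec-attributes\s*$")


def scan_and_redact(config_text):
    """Return (findings, redacted_text); findings holds (line_no, tunnel_group)
    for each pre-shared-key value that is not already masked with asterisks."""
    findings, out, group = [], [], None
    for number, line in enumerate(config_text.splitlines(), start=1):
        header = TUNNEL_GROUP.match(line)
        if header:
            group = header.group("name")
        elif line and not line[0].isspace():
            group = None  # any other top-level command closes the block
        psk = PSK_LINE.match(line)
        if psk and set(psk.group("key")) != {"*"}:
            findings.append((number, group))
            line = psk.group("prefix") + "*****"
        out.append(line)
    return findings, "\n".join(out) + "\n"


# Constructed sample (hypothetical peers and keys): one key masked the way
# 'show run' prints it, two in clear text as 'more system:running-config' does.
SAMPLE = """\
hostname edge-fw
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev1 pre-shared-key Constructed-Example-Key-1
tunnel-group 192.0.2.44 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Constructed-Example-Key-2
"""

if __name__ == "__main__":
    hits, redacted = scan_and_redact(SAMPLE)
    for number, group in hits:
        print(f"line {number}: clear-text PSK under tunnel-group {group}")
    print(redacted, end="")
```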

Another handy command when troubleshooting a problematic VPN is to turn on debug mode for the VPN.

debug crypto ca 20

If you’re not at the console, you will need to use the ‘terminal monitor’ (or simply ‘term mon’) command to see the output. Don’t forget to turn debug off when you are finished!

Install missing libmhash and libmcrypt on CentOS 6 or RHEL 6

I recently began making the migration to RHEL 6. So far so good, except for a few unexpected hurdles. One of these was installing PHP on my web servers. The issue is that libmcrypt and libmhash cannot be found in the default repositories. When I attempted to build PHP, I received the following error:

configure: error: mcrypt.h not found. Please reinstall libmcrypt

Attempting to install libmcrypt-devel with only the default repositories installed will lead to a frustrating ‘nothing to do’ result from yum.

The only solution that I have found, short of compiling libmcrypt from source, is to install the EPEL repositories. EPEL to the rescue!

rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

Once installed, ‘yum install libmcrypt-devel’ will work as expected and you can continue with your configuration.

Changing the Time Zone in CentOS and RHEL

I recently checked the time on one of my servers and realized that the time was WAY off. NTP was running and forcing an NTP update with “ntpdate -u ” only corrected the time by nanoseconds. I read the date and time again, this time a little closer. It turns out that the clock was set to a European time zone for some reason.

So how do you change the time zone on a Linux server? Baffled that I had never done this before, I wanted to share with you how I did this.

All options for time zones are listed throughout /usr/share/zoneinfo. You will need to browse this folder to find the time zone appropriate for your server. For me, it was “US/Central” but I could have also chosen “America/Chicago”.

Now that we know the location of the appropriate time zone file, we need to replace the existing active one, located at /etc/localtime, with a symlink to it (or simply with a copy). I prefer a symlink to prevent duplicate files whenever possible. Also, creating a symbolic link will ensure that any time zone changes (such as a change to the Daylight Saving Time rules – this happened in the US in 2007) will be put into place correctly. Save yourself the trouble and just create a symlink :)

In my example, I will create a symbolic link for US/Central time, using the equivalent “America/Chicago” file. Change “America/Chicago” to your appropriate time zone. Create a backup of /etc/localtime first if you wish…

rm /etc/localtime
ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime

Ta-da, your time zone is now changed. You can verify in a variety of ways, but the easiest would be to simply type ‘date’ at your command prompt.