I ran into something strange while figuring out the best approach for finding the ospf authentication key in a running-cfg or saved-cfg-file & on a cisco ASA that's running in multi-context modes.
1st a copying via the "scp" of the running cfg DOES NOT display the authentication key. In fact copy the config via running to scp, shows completed, but it fails to actually write file to the target hosts. The same holds true of the saved context config.cfg file or a backup config file.
I also seen numerous "Resource temporarily unavailable " errors w/asa9.3.2
The above would indicate the copy was successful, but no file was found at the target when using the above copy and "scp". Now here's what was even stranger, when using "ftp" as the target it also "echos" the password to the screen.
So it seems like something is wrong with ssh/scp on the cisco ASA & the same with "ftp". I don't recall this behavior before with any previous earlier ASA.
The copying of the running or cfg file still don't show the "encrypted key" . I also found out with the backup command, the backup file also does not display the opsf authentication key as listed earlier
We also test the behavior on a asa running 9.3.1 and got different results. It failed with permission denied for both "scp" or "ftp". For ssh it had to deal with ssh key hash.
( behavior on 9.3.1 )
Probably time for a ticket with cisco TAC.
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
=( * * )=