Firewall Wizards mailing list archives
RE: What's the deal with SSH? (was: PIX software release 5.2)
From: shewitt () cdw com
Date: Wed, 20 Sep 2000 20:55:00 -0500
Pardon my ignorance with this, but what's the big deal about using something like SecureCRT? That's basically a secure telnet, right? I do all my configuring of my PIXen from the inside interface, and I'm on an almost completely switched network. So, I'm not too concerned about somebody sniffing my telnet session. Do you use SSH to protect against people sniffing on local segments, or is the concern when going across the internet? Also, I only enable telnet on the inside interface, so I don't even worry about people connecting from the outside interface. Could somebody please shed some light on this? Thanks!

--Scott
-----Original Message-----
From: Daniel Linder [mailto:dan_linder () yahoo com]
Sent: Tuesday, September 19, 2000 11:25 PM
To: firewall-wizards () nfr net
Subject: Re: [fw-wiz] PIX software release 5.2

--On Monday, September 18, 2000 10:54 AM -0500 shewitt () cdw com wrote:

Anybody have any good / bad experiences with PIX 5.2(1)?

--- Carson Gaspar <carson () tla org> wrote:

It's working fine for me, so far. But it's a very small install, and we don't use WebSense. 5.2(1) adds SSH support (finally!), so that's a good reason to upgrade. Of course, you have to have a VPN license to use it (wonderful Cisco...). You can get a free 56-bit DES VPN license from Cisco, but have to pay for the 3-DES license. Oh, and you can only install the new license by re-loading the firmware on the PIX. Oh, and SSH-DES doesn't work with Tatu's unix SSH-1 client (it does with SecureCRT, so I suspect the unix code to be at fault, but...). And OpenSSH doesn't support DES.

I'll support Mr. Gaspar in his view of PIX 5.2(1). We have a small network with two pairs of PIX 520's set up in failover. It's not live yet so we have been playing with things and have succeeded in finding a bug related to the SSH key and failover (the key on the "returning" PIX is lost!), but I'll get along with that until the next release. It is kind of a hassle to have to re-load the firmware just to upgrade a key, so do the 3DES upgrade before putting them into production (unless you can afford the down-time). I too have used SecureCRT under Windows 2000 and OpenSSH under Linux and don't have any complaints.

Dan

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards