nanog mailing list archives
RE: SSH on IOS (was RE: ABOVE.NET SECURITY TRUTHS?)
From: "Roeland Meyer (E-mail)" <rmeyer () mhsc com>
Date: Fri, 28 Apr 2000 19:24:32 -0700
Actually doing that now, with a Linux box and an old Livingston PM2E. Linux box runs SSHD, the portmaster runs directly into console ports 'stead of modems. I figured that was obvious. However, I don't run a co-lo either. Most of my systems reside in them. This is okay, until your ladders have to run through semi-public space. There is also a 50 foot length restriction, on RS-232 lines, unless you like running at less than 115K baud. Also, figure the expense of the extra hardware. In my case, it was unused sunk-cost anyway (surplus, for you non-suits).
John Fraizer Sent: Friday, April 28, 2000 6:31 PM

SSH version 1 is apparently supported in 12.0 as well (never played w/ it, so dunno how well it works);
<snip>
So just don't do a 'show slaveslot0:' over SSH :-) Anyone else have this problem? Works fine via console or (shudder) telnet..
<snip>
SSH on 6509s, that would be great! Still fighting with the idea of running real IOS on 6500s, if the real IOS part contains SSH, you can bet I would upgrade sooner than later. Anyone running 'real' IOS on 6500s? Any gotchas or superbugs?

I have a VERY novel idea for you all and since no one has mentioned it, here goes:

NOC----------Management Network---------SSH Drone
                                         | | | |
                      Serial Lines ->    | | | ---Router1
                                         | | |--Switch1
                                         | -Router2
                                         -Switch2

I know. It's just too simple and it scales so very well so, it MUST be a bad idea.

Even if you don't have a dedicated management network, you just put a box that speaks SSH out there with serial access to your routers/switches. If you DO have a management network, you connect that to it as well. No matter what, you're secure to the SSH drone and if someone is in your cabinets tapping the serial lines, you've got big physical security problems to deal with and you had might as well flat out give up on network security.

A Force Recon colonel once told me, "If it's a stupid idea, and it works, it must not be a stupid idea."

---
John Fraizer