nanog mailing list archives

Re: SSH on the router - was( IT security people sleep well)


From: Henning Brauer <hb-nanog () bsws de>
Date: Mon, 7 Jun 2004 17:52:05 +0200


* Michael.Dillon () radianz com <Michael.Dillon () radianz com> [2004-06-07 14:15]:
complaining that cisco charges extra for such a critical component is 
exactly the right thing to do; it is fucking scary.

every damn network device which used to have telnet should ship with 
ssh, it's free. 

Why?

The typical network architecture of an ISP sees routers located in
large clusters in a PoP or on a customer's site directly connected
to a PoP. Since it is dead simple to place a 1U Linux box or similar
SPARC server in a PoP to act as a secure gateway, why should router 
vendors encourage laziness and sloppiness?

ssh on the router doesn't make this - indeed wise - setup impossible or 
anything.

but get real: you don't have a secure box next to those little 26xx 
deployed at customer sites. Or 36x, or whatever.

Pointing out that one can work around the missing ssh on cisco devices 
doesn't solve the issue, it is still a workaround.

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb () bsws de - henning () openbsd org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

