North American Network Operators Group


Re: SSH on IOS (was RE: ABOVE.NET SECURITY TRUTHS?)

  • From: John Fraizer
  • Date: Fri Apr 28 21:34:21 2000

> > SSH version 1 is apparently supported in 12.0 as well (never played w/ it,
> > so dunno how well it works);
> 

<snip>

> 
> So just don't do a 'show slaveslot0:' over SSH  :-) Anyone else have this
> problem?  Works fine via console or (shudder) telnet..
> 
> 

<snip>

>  SSH on 6509s , that would be great! Still fighting with the idea of
>  running real IOS on 6500s, if the real IOS part contains SSH, you can bet
>  I would upgrade sooner than later. Anyone running 'real' IOS on
>  6500s? Any gotchas or superbugs?


I have a VERY novel idea for you all and since no one has mentioned it,
here goes:


NOC----------Management Network---------SSH Drone
                                        | | | |
                    Serial Lines ->     | | | ---Router1
                                        | | |--Switch1
                                        | -Router2
                                        -Switch2


I know.  It's just too simple and it scales so very well so, it MUST be a
bad idea.

Even if you don't have a dedicated management network, you just put a box
that speaks SSH out there with serial access to your routers/switches.

If you DO have a management network, you connect that to it as well.

No matter what, you're secure to the SSH drone and if someone is in your
cabinets tapping the serial lines, you've got big physical security
problems to deal with and you might as well flat out give up on
network security.

A Force Recon colonel once told me, "If it's a stupid idea, and it works,
it must not be a stupid idea."

---
John Fraizer
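As an added illustration of the "SSH drone" design in the post above (example code written for this edit, not from the post or any NANOG participant), the script below shows the two pieces that make such a box worth trusting: an sshd_config that only listens on the management-network side, refuses passwords and forwarding, and forces console accounts into a wrapper; and the wrapper itself, which maps each login to one serial port and refuses anything other than an interactive console session. The management address 10.0.0.5, the user-to-port table, the `console` group and the use of `cu` as the serial program are assumptions to be adapted to the local wiring.

```shell
#!/bin/sh
# Example configuration for an SSH console server ("SSH drone") that fronts
# routers and switches over serial lines. Assumptions, not from the post:
# the drone's management-network address, the login->port table, the
# group name "console", and cu(1) as the serial terminal program.
MGMT_ADDR="10.0.0.5"              # assumed: drone's address on the mgmt net
CONSOLE_WRAPPER="/usr/local/sbin/console-session"   # where this script is installed

# One SSH login per device, each tied to exactly one serial port (constructed table).
console_device() {
    case "$1" in
        router1) echo /dev/ttyS0 ;;
        switch1) echo /dev/ttyS1 ;;
        router2) echo /dev/ttyS2 ;;
        switch2) echo /dev/ttyS3 ;;
        *)       return 1 ;;     # unknown login: no console for you
    esac
}

# Emit the sshd_config fragment for the drone. Only the management-side
# address is listened on, so the box is unreachable from the production
# network; keys only; and console accounts can never get a shell, a
# forwarded port or an agent socket, only the wrapper below.
gen_sshd_config() {
    cat <<EOF
# sshd_config for the console drone (generated example)
ListenAddress $MGMT_ADDR
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
AllowGroups console

Match Group console
    ForceCommand $CONSOLE_WRAPPER
    PermitTTY yes
EOF
}

# ForceCommand target. sshd runs it as the authenticated user with the
# original request, if any, in SSH_ORIGINAL_COMMAND; a non-empty value
# means someone tried scp/sftp/remote-exec rather than a console session.
console_session() {
    user="$1"
    if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
        echo "console-only account: remote commands are not permitted" >&2
        return 2
    fi
    dev=$(console_device "$user") || {
        echo "no console port mapped for user $user" >&2
        return 3
    }
    # Audit trail: who opened which port, from which management address.
    logger -t ssh-console "$user opened $dev from ${SSH_CONNECTION%% *}"
    exec cu -l "$dev" -s 9600     # assumed console speed; adjust per device
}

# When installed as the ForceCommand, run for the logged-in user.
if [ "$(basename "$0")" = "console-session" ]; then
    console_session "$(id -un)"
fi
```

Install the script as `/usr/local/sbin/console-session`, create one Unix account per device in group `console` with an authorized key each, and drop the output of `gen_sshd_config` into sshd_config; `sshd -t` will confirm the file parses before a restart. Because the production-side interfaces are never listened on, the only way to reach a console is through the management network and a key, which is exactly the boundary the post describes.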