North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

ssh access to cisco and "unfriendlies"

  • From: Jim Mercer
  • Date: Wed Nov 22 20:54:53 2000

i've been trying to get ssh access to cisco IOS 12.1.2 working, but no
matter what i do, the openssh client says "3des not supported by server".

so, i fired up a local copy of win32 SecureCRT, and use just "des" encryption,
and lo, and behold, it worked.

so, i started poking around and discovered that likely what i need is a
version of IOS with 3des support.

as i understand it, in order to get a 3des IOS, you need to agree to:

  We will not supply network services (e.g., running a virtual private
  network) to, or for government organizations/enterprises other than
  those of, or in: 

    Austria, Australia, Belgium, Canada, Czech Republic, Denmark, Finland,
    France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg,
    Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden,
    Switzerland, United Kingdom, United States 

 without written authorization from Cisco Systems Inc. and/or the
 governments of the U.S., United Kingdom, and The Netherlands. 

now, considering some of my clients, i need to pay heed to this.

in smaller countries, the first and only internet service is generally
run by the PTT, which is usually a "government organization or enterprise".

that being said, i find it extremely draconian that i can't run a 3des IOS
on a router in Canada, if i supply network services in countries not on
that list.

so, when i go to set up a connection to Ghana, i am going to need Cisco's
permission if i want 3des ssh enabled on the canadian router?

and Brazil?

and Mexico?

[ Jim Mercer                 [email protected]              +1 416 410-5633 ]
[          Reptilian Research -- Longer Life through Colder Blood          ]
[  Don't be fooled by cheap Finnish imitations; BSD is the One True Code.  ]