North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Looking Glass Code
Hi Ariel If you really want to get paranoid - give the rsh privilege level 0 & then you really get to specify exactly what IOS commands can be run by the Looking Glass Regards Rafi P.S. AFAIK Cisco IOS SSH will only do telnet/rlogin type sessions - not single commands - for the really paranoid set up the telnet/rsh connection over encrypted IPSEC ;-) On Tue, 13 Mar 2001, Ariel Biener wrote: > > On Mon, 12 Mar 2001, Don Simpson wrote: > > > I have posted a list of such resources a while back (you can either look > it up in the archives, or I'll send it to you in private). > > About your concerns, I don't think automated telnet/ssh access (using some > script, which means you'll be storing the password for access somewhere on > the disk, either as a different file, or as a part of the code) is more > secure than rsh to a router with privilege level 1 (you can create a user, > and using the aaa new-model authentication model, you can create a > privilege level for that user, specifying exactly what commands that user > is allowed to use) for example. > > --Ariel > > > > > I have been thinking about putting together a looking glass site on my > > network and have looked at Ed Kern's (DIGEX) html and perl script but do not > > want to enable rsh (anywhere) and do not want to reinvent the wheel if not > > necessary. Has anyone seenan updated script written to use other access > > means like telnet or ssh to exchange CLI/commands and results with an IOS > > router? > > > > ---------------------------------------------- > > Don Simpson > > ---------------------------------------------- > > > > > > > > -- > Ariel Biener > e-mail: [email protected] > PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html > > >
|