[28400] in North American Network Operators' Group
SSH on IOS (was RE: ABOVE.NET SECURITY TRUTHS?)
daemon@ATHENA.MIT.EDU (Jason Ackley)
Fri Apr 28 19:11:24 2000
Date: Fri, 28 Apr 2000 15:43:23 -0700 (PDT)
From: Jason Ackley <jason@ackley.net>
To: "Greene, Dylan" <DGreene@NaviSite.com>
Cc: "'Paul Froutan'" <pfroutan@rackspace.com>, rmeyer@mhsc.com,
nanog@merit.edu
In-Reply-To: <7C06EA1D5AAAD311B4EB00508B550B99014F7A2A@navexc01.and.navisite.com>
Message-ID: <Pine.BSI.4.21.0004281511590.10553-100000@llama.ackley.net>
On Fri, 28 Apr 2000, Greene, Dylan wrote:
> SSH version 1 is apparently supported in 12.0 as well (never played w/ it,
> so dunno how well it works);
It is in some of the 12.0(x) S trains (S == 'service provider')..
I am running 12.0(9)S on some 7507s and they have been doing fine (light
load). There are still some quirks tho at least in the release I am
running:
jason@web1:~$ ssh -l jason -c 3des x.y.z.1
jason@x.y.z.1's password:
r1>show slaveslot0:
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1 .. image F5DA8D1A 6FCD3C 19 7195836 Jan 16 2000 08:31:12 rsp-jv-mz.111-27.CC
2 .. image D8598D7C F7BFD4 23 8909336 Mar 26 2000 09:21:21 rsp-k4pv-mz.120-9.S.bin
Local: Corrupted check bytes on input.
jason@web1:~$
So just don't do a 'show slaveslot0:' over SSH :-) Anyone else have this
problem? Works fine via console or (shudder) telnet..
As far as CPU load (from a show proc cpu):
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
28 640 213 3004 0.00% 0.13% 0.12% 2 SSH Process
This is with little EXEC work, I did a few 'show int' then the 'show proc
cp'.
Memory(show proc mem):
PID TTY Allocated Freed Holding Getbufs Retbufs Process
28 2 603464 596892 13368 0 0 SSH Process
99 0 2089744 1218112 6892 0 0 SSH Event handle
I would assume that the SSH processing happens only on the main CPU,
would be cool to offload it to one/some of the VIPs..
As far as SSH on other models, if you have ever tried to get IPsec /
crypto working on a 2500, you know why it's a bad idea :)
SSH on 6509s, that would be great! Still fighting with the idea of
running real IOS on 6500s, if the real IOS part contains SSH, you can bet
I would upgrade sooner than later. Anyone running 'real' IOS on
6500s? Any gotchas or superbugs?
cheers,
--
jason