[32480] in North American Network Operators' Group
ssh access to cisco and "unfriendlies"
daemon@ATHENA.MIT.EDU (Jim Mercer)
Wed Nov 22 20:54:07 2000
Date: Wed, 22 Nov 2000 20:52:14 -0500
From: Jim Mercer <jim@reptiles.org>
To: nanog@merit.edu
Message-ID: <20001122205214.V26137@reptiles.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu
i've been trying to get ssh access to cisco IOS 12.1.2 working, but no
matter what i do, the openssh client says "3des not supported by server".
so, i fired up a local copy of win32 SecureCRT, and use just "des" encryption,
and lo, and behold, it worked.
so, i started poking around and discovered that likely what i need is a
version of IOS with 3des support.
as i understand it, in order to get a 3des IOS, you need to agree to:
We will not supply network services (e.g., running a virtual private
network) to, or for government organizations/enterprises other than
those of, or in:
Austria, Australia, Belgium, Canada, Czech Republic, Denmark, Finland,
France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg,
Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden,
Switzerland, United Kingdom, United States
without written authorization from Cisco Systems Inc. and/or the
governments of the U.S., United Kingdom, and The Netherlands.
now, considering some of my clients, i need to pay heed to this.
in smaller countries, the first and only internet service is generally
run by the PTT, which is usually a "government organization or enterprise".
that being said, i find it extremely draconian that i can't run a 3des IOS
on a router in Canada, if i supply network services in countries not on
that list.
so, when i go to set up a connection to Ghana, i am going to need Cisco's
permission if i want 3des ssh enabled on the canadian router?
and Brazil?
and Mexico?
--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
