[35539] in North American Network Operators' Group
Re: Looking Glass Code
daemon@ATHENA.MIT.EDU (Ariel Biener)
Mon Mar 12 18:20:46 2001
Date: Tue, 13 Mar 2001 03:14:36 +0200 (IST)
From: Ariel Biener <ariel@fireball.tau.ac.il>
To: Don Simpson <don.simpson@factory23.com>
Cc: nanog@merit.edu
In-Reply-To: <000a01c0ab39$f58df260$97af783f@don>
Message-ID: <Pine.LNX.4.21_heb2.09.0103130312110.15717-100000@fireball.tau.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 12 Mar 2001, Don Simpson wrote:
I have posted a list of such resources a while back (you can either look
it up in the archives, or I'll send it to you in private).
About your concerns, I don't think automated telnet/ssh access (using some
script, which means you'll be storing the password for access somewhere on
the disk, either as a different file, or as a part of the code) is more
secure than rsh to a router with privilege level 1 (you can create a user,
and using the aaa new-model authentication model, you can create a
privilege level for that user, specifying exactly what commands that user
is allowed to use) for example.
--Ariel
>
> I have been thinking about putting together a looking glass site on my
> network and have looked at Ed Kern's (DIGEX) html and perl script but do not
> want to enable rsh (anywhere) and do not want to reinvent the wheel if not
> necessary. Has anyone seenan updated script written to use other access
> means like telnet or ssh to exchange CLI/commands and results with an IOS
> router?
>
> ----------------------------------------------
> Don Simpson
> ----------------------------------------------
>
>
>
--
Ariel Biener
e-mail: ariel@post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
