[71049] in North American Network Operators' Group
Re: IT security people sleep well
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Mon Jun 7 12:09:22 2004
Date: Mon, 7 Jun 2004 19:08:42 +0300 (IDT)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
To: Daniel Corbe <dcorbe@resultstel.com>
Cc: nanog@merit.edu
In-Reply-To: <40C47BCB.1080201@resultstel.com>
Errors-To: owner-nanog-outgoing@merit.edu
## On 2004-06-07 10:29 -0400 Daniel Corbe typed:
DC>
DC>
DC> You have to have an IOS image with the 3DES feature set to run ssh
Not quite: single DES will do fine
(if you use an SSH client that supports it)
--
Rafi
DC>
DC> Edward B. Dreger wrote:
DC>
DC> >DS> Date: Thu, 03 Jun 2004 17:56:55 -0400
DC> >DS> From: Daniel Senie
DC> >
DC> >
DC> >DS> Cisco 26xx, 36xx routers at least, current 12.3 IOS, no ssh
DC> >DS> support in the basic loads that I can find. Telnet is the
DC> >DS> only way in other than the console port.
True for(at least) 72XX and 75XX as well
SSH support is definitely in "IP IPSEC" (or or SP/SSH ;-) feature sets
DC> >
DC> >Correct. One must shell out more money for a bigger feature set
DC> >to obtain SSH. I don't recall specifics off the top of my head,
DC> >and don't have a javascript-cable machine handy to use Feature
DC> >Navigator[*], but certain { feature sets | trains } only support
DC> >SSHv1.
DC> >
DC> >[*] Quick gripe: Did anyone at Cisco ever consider that people
DC> > might like to use Feature Navigator without javascript?
DC> > What's next? Mandatory Flash Player?
DC> >
DC> >
DC> >Eddy
