We have asked our Cisco reps before about this and they always claim that there was very little customer interest in adding a more suitable ssh to the routers (ie, customers need to B&C a little). Cisco does support ssh but it is protocol 1 with weak DES encryption (which thanks to tools like DSNIFF isn't much better than telnet). I also understand you can purchase an ssh that used protocol 2 for Cisco products; however, from what I have been told it is quite expensive...
I agree with the others though, proper ACL's on your VTY's (as well as other steps to properly secure your router) should mitigate most of your security problems.
October 20th, 2003, 01:17 PM
Re: Cisco router SSH
Originally posted here by shaded3l33t Unless I'm mistaken, can someone tell me why Cisco routers(high end) don't have ssh and telnet instead of just telnet?
This is because Cisco expects you to administer your router using an IPSec connection. This way they don't need to secure some of the insecure methods (telnet, http etc.) for administrating your router. Since resources are a bit limited (on a router/switch) they're opting for more features based on networking not remote administration.