
Thread: Cisco router SSH

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    Cisco router SSH

    Unless I'm mistaken, can someone tell me why Cisco routers (high end) don't have ssh and telnet instead of just telnet?

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    they do have ssh capabilities. i came across some posts about it on the cisco site once. did you go through their knowledge base? i'll see if i can't dig something up and post again when i find it.

    here you go
    http://www.cisco.com/univercd/cc/td/...21t1/sshv1.htm

    hope this helps.
    just making some minor adjustments to your system....

  3. #3
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    That's one of those lame things you can do when you have nr.1 in the market.

    It bugs a lot of us i guess,
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    until disaster strikes....

    I guess so... thanks for the info... I guess until some hacker redirects some major communication backbone (BGP) and turns it against another because the sys admin telnetted into the box, we are stuck with simple ssh...

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You should put an access control list on the telnet to only allow it from the IPs of a few boxes on your local (switched) network. Then if you need to access it from somewhere else, ssh into your handy Linux box then telnet on to the cisco.

    In practice that should be ok, as I assume you don't need to go into the cisco that often anyway?

    Slarty
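
An added example, not part of the thread or written by any poster: a small Python check for the vty access-list setup described in post #5. It reads a router config and reports each `line vty` block that lacks an inbound `access-class` or still accepts telnet. The sample config, its addresses and the function name `audit_vty` are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
!
line con 0
 password 7 PLACEHOLDER
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 transport input telnet ssh
!
end
"""

def audit_vty(config):
    """Return {vty range: [findings]} for every 'line vty' block in an IOS config."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            current = "vty " + " ".join(g for g in m.groups() if g)
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())  # indented sub-command
        else:
            current = None  # any other top-level line ends the block
    findings = {}
    for name, lines in blocks.items():
        issues = []
        if not any(re.match(r"access-class \S+ in\b", l) for l in lines):
            issues.append("no inbound access-class: reachable from any source address")
        transport = next((l.split()[2:] for l in lines
                          if l.startswith("transport input")), None)
        if transport is None:
            issues.append("no explicit 'transport input': platform default applies")
        elif "telnet" in transport or "all" in transport:
            issues.append("telnet permitted: credentials cross the network in cleartext")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for line, issues in audit_vty(SAMPLE_CONFIG).items():
        print(line, "->", issues or "ok")
```
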

  6. #6
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    in addition to slarty's post. you could also connect to a box then connect to your router via a console cable, as long as you use a strong password, you should be golden and nobody will know you have the console connection unless you tell them. i've used that setup in the past without issues.
    just making some minor adjustments to your system....

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    There is no reason in principle why you should not connect a PC to the cisco using the console port (or aux if console connected elsewhere)

    But I've had trouble with this configuration in the past - on some PC hardware, rebooting the PC sends an unwanted break signal down the serial port - which on Sun hardware causes it to drop into the rom. I can't remember whether this will cause any adverse effect on cisco (only during startup perhaps?) - but something to bear in mind.

    Slarty

  8. #8
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    clarification

    those points are great... however, I meant (should have made clear) that for those lazy Sys-Admins who don't want to walk the 1.5 feet to the box, they would rather just telnet/ssh into the box over the transmission medium (usual ethernet/BGP/TCP-IP, etc.)...

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    shaded3l33t,

    Cisco IOS does support SSH. I believe they started supporting it with version 12.1(1)T with the IPSEC encryption image.

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Well there's something I didn't know, but I can probably explain why.

    Cisco routers have hardware specifically designed to route packets, not to encrypt them. Their processors only have a library of a couple of hundred instructions, as opposed to a P4 having hundreds of thousands. This limited instruction set does not allow the possibility of SSH.

    Another reason: every service running on a router (or any computing device) is a security risk, whether it is useful, or needed, or neither. Since routers do not need SSH in order to function, they are more secure without it. A host can encrypt data before sending it there anyway. Why leave it to the router, and thereby slow it down and open up more security holes?

    I think some newer version of their IOS can support it now that the research is available to secure it and the power to support it. Personally, I would not use a router to encrypt data over a network for which I was responsible, for the reasons mentioned above. I would imagine many people feel the same way, so why would Cisco incorporate a feature which most people (I think) would not want or use?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!
