October 18th, 2003, 09:02 PM
We have asked our Cisco reps before about this and they always claim that there was very little customer interest in adding a more suitable ssh to the routers (i.e., customers need to B&C a little). Cisco does support ssh but it is protocol 1 with weak DES encryption (which thanks to tools like DSNIFF isn't much better than telnet). I also understand you can purchase an ssh that uses protocol 2 for Cisco products; however, from what I have been told it is quite expensive...
I agree with the others though, proper ACLs on your VTYs (as well as other steps to properly secure your router) should mitigate most of your security problems.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
October 20th, 2003, 12:17 PM
Re: Cisco router SSH
This is because Cisco expects you to administer your router using an IPSec connection. This way they don't need to secure some of the insecure methods (telnet, http, etc.) for administrating your router. Since resources are a bit limited (on a router/switch) they're opting for more features based on networking, not remote administration.
Originally posted here by shaded3l33t
Unless I'm mistaken, can someone tell me why Cisco routers (high end) don't have ssh and telnet instead of just telnet?
Experience is something you don't get until just after you need it.