Actually doing that now, with a Linux box and an old Livingston PM2E. Linux box runs SSHD, the portmaster runs directly into console ports 'stead of modems. I figured that was obvious. However, I don't run a co-lo either. Most of my systems reside in them. This is okay, until your ladders have to run through semi-public space. There is also a 50 foot length restriction, on RS-232 lines, unless you like running at less than 115K baud. Also, figure the expense of the extra hardware. In my case, it was unused sunk-cost anyway (surplus, for you non-suits).
John Fraizer Sent: Friday, April 28, 2000 6:31 PM
SSH version 1 is apparently supported in 12.0 as well (never played w/ it, so dunno how well it works);
<snip>
So just don't do a 'show slaveslot0:' over SSH :-) Anyone else have this problem? Works fine via console or (shudder) telnet..
<snip>
SSH on 6509s, that would be great! Still fighting with the idea of running real IOS on 6500s, if the real IOS part contains SSH, you can bet I would upgrade sooner than later. Anyone running 'real' IOS on 6500s? Any gotchas or superbugs?
I have a VERY novel idea for you all and since no one has mentioned it, here goes:
NOC----------Management Network---------SSH Drone
                                        | | | |
                        Serial Lines -> | | | ---Router1
                                        | | |--Switch1
                                        | -Router2
                                        -Switch2
I know. It's just too simple and it scales so very well, so it MUST be a bad idea.
Even if you don't have a dedicated management network, you just put a box that speaks SSH out there with serial access to your routers/switches.
If you DO have a management network, you connect that to it as well.
No matter what, you're secure to the SSH drone and if someone is in your cabinets tapping the serial lines, you've got big physical security problems to deal with and you might as well flat out give up on network security.
A Force Recon colonel once told me, "If it's a stupid idea, and it works, it must not be a stupid idea."
--- John Fraizer
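One way to lock down the SSH drone in the diagram above, as an added example that is not part of the original thread: an OpenSSH forced-command script that maps a requested console name to one allowlisted serial port and logs every attach. The script path, device names, baud rates and the use of picocom as the serial client are assumptions.

```shell
#!/bin/sh
# Forced-command gate for an SSH console server (the "SSH drone" above).
# Assumed deployment: each NOC key in ~/.ssh/authorized_keys is prefixed with
#   restrict,pty,command="/usr/local/sbin/console-gate"
# so a key holder can only reach a listed console, never a shell or a tunnel.
# Assumed usage from the NOC:  ssh -t noc@drone router1

# name -> serial device, baud (constructed sample matching the diagram)
CONSOLE_MAP='router1 /dev/ttyS0 9600
switch1 /dev/ttyS1 9600
router2 /dev/ttyS2 9600
switch2 /dev/ttyS3 9600'

# Print "device baud" for an allowlisted console name; return 1 otherwise.
resolve_console() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;   # reject empty input and shell metacharacters
    esac
    while read -r name dev baud; do
        if [ "$name" = "$1" ]; then
            printf '%s %s\n' "$dev" "$baud"
            return 0
        fi
    done <<EOF
$CONSOLE_MAP
EOF
    return 1
}

# Attach the caller to the requested console, logging allow and deny.
attach_console() {
    if line=$(resolve_console "$1"); then
        set -- "$1" $line              # $1=name $2=device $3=baud
        logger -t console-gate -p auth.info \
            "allow user=${USER:-unknown} console=$1 dev=$2"
        exec picocom -b "$3" "$2"
    fi
    logger -t console-gate -p auth.warning \
        "deny user=${USER:-unknown} request=$1"
    echo "console-gate: unknown console" >&2
    exit 1
}

# sshd places the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    attach_console "$SSH_ORIGINAL_COMMAND"
fi
```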