Hi,

On Fri, May 09, 2008 at 06:41:05PM +0100, Colin Whittaker wrote:
> The answer I have heard from Cisco is that doing so would place a
> runtime dependency on the storage.
> It is reasonably safe to erase the nvram and format the flash on a
> running box. If your authorised keys file was on the flash or nvram then
> it failing would lock you out of the device.
>
> You could put the keys into the config but the config could get messy.

They seem to be able to handle that for things like IPSEC key material just fine (or with the system's RSA host keys).

Sounds like major "we don't want to think about it, so we come back with valid-sounding bullshit" to me.

Not like the SSH implementation in IOS is an example for well-behaving code otherwise... (I have had a TAC case open for over a year on an SSH client bug - the case is "release pending" and everybody plays dead).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-35655025 [EMAIL PROTECTED]
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/