Hi

An easier option than getting a second hard drive w/ Linux installed on 
it (or dual booting) is to download a free SSH client like PuTTY from 
http://www.chiark.greenend.org.uk/~sgtatham/putty/.  I've used it on 
NT/2000/9.x workstations and it works great and it's a hundred times 
better than that crappy Windows telnet client.  As far as using SSH, if 
your router or switch will support it, use it!  What scares me is the 
new intern down the hall or the overzealous help desk employee 
downloading a sniffer from the Internet (especially with all the awesome 
network analyzers available for free on the Internet today) and going to 
town.

Colin


Kent Hundley wrote:

> John,
> 
> I don't know who told you that cisco's ssh sends passwords in the clear, but
> that is false.  It would not be ssh if it did this.  Perhaps they are
> confusing the fact that the first time you connect to an ssh server, you
> must choose to accept the server's key and you must then verify that the key
> is the correct key for that server. i.e. the first time you connect to an ssh
> server you need to be certain that you are in fact connecting to the real
> server.
> 
> As for the 2500, it's true that they do not have ssh support.  In general,
> it seems that cisco is not working on providing support for anything that
> uses 3DES on the 2500 platform. (they provide an image for IPSec, but only
> for DES)
> 
> My advice as for taking a laptop to remote sites would be to have a second
> hard drive with linux on it for the simple reason that you can get a _ton_
> of security related tools, like ssh, for free.  You can also get nice
> sniffer programs, network mgmt. tools, etc.  all free.  You don't even
> really have to be a big linux head to be able to install and use most of the
> popular linux versions such as RedHat, Suse, Caldera, etc.
> 
> Regards,
> Kent
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Neiberger
> Sent: Saturday, February 16, 2002 10:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: RE: Slightly OT: SSH Poll [7:35505]
> 
> 
> When I said that it was a pain it meant that we'll have to
> change some things operationally which, like most other
> security measures, make things a little more difficult.  Just
> minor issues, no big deal.  One example might be that if I go
> to a remote site to do some work, I may not normally take a
> laptop as I could simply telnet in from a workstation.  That
> capability would go away.  Like I said, not a big deal at all.
> 
> It seems that the primary reason we might use SSH--and the
> reason mentioned by auditors--is to avoid sending passwords in
> the clear.  However, as someone else mentioned, the version of
> SSH supported by Cisco sends passwords in the clear!  If that's
> not the case, please let me know.
> 
> The other issue that I discovered after I made the original
> post is that the 2500 series does not appear to support SSH and
> we have mostly 2500s at our remote sites.  Again, if I'm
> mistaken there please let me know.
> 
> Many thanks!
> 
> Regards,
> John
> 
> http://neiby.home.attbi.com
> 
> ---- On Sat, 16 Feb 2002, Kent Hundley
> ([EMAIL PROTECTED]) wrote:
> 
> 
>>John,
>>
>>I _always_ recommend using ssh instead of telnet wherever possible.  In
>>fact, I can't think of a single good reason not to use it for in-band
>>management.  I'm not sure I understand what you mean by it being a pain
>>since you change passwords often.  I don't see how using ssh is any more
>>of a pain than using telnet, and it's certainly more secure.
>>
>>I have seen clients whose security policies dictated the use of ssh or, if
>>that were not possible, use of 2-factor authorization such as securid.  I
>>suspect most organizations are moving to the use of ssh or have plans to do
>>so if they are in the least bit security conscious.
>>
>>Regards,
>>Kent
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>>John Neiberger
>>Sent: Friday, February 15, 2002 8:07 AM
>>To: [EMAIL PROTECTED]
>>Subject: Slightly OT: SSH Poll [7:35505]
>>
>>
>>I'm wondering how many of you are involved in networks that use SSH
>>exclusively for router access.  Since we're in the financial sector,
>>external auditors continually suggest that this is necessary.  While
>>it's probably not a bad idea, I personally feel it's more of a pain than
>>it's worth, especially considering how often we change the passwords.
>>But that's another matter altogether...
>>
>>So, are any of you using SSH exclusively in fairly large networks?  If
>>so, has it been working well for you?
>>
>>Thanks,
>>John
>>
>>[EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36482&t=35505
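
The first-connection host key check described in Kent's reply above, as an added example that is not part of the original thread. The OpenSSH-style SHA-256 fingerprint, the function names, the host name and the sample keys are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(pins, host, key_blob, out_of_band=None):
    """pins: host -> accepted fingerprint; out_of_band: fingerprint read off the console."""
    presented = fingerprint(key_blob)
    pinned = pins.get(host)
    if pinned is not None:
        # Known host: a changed key is refused, never silently re-pinned.
        return "match" if hmac.compare_digest(pinned, presented) else "mismatch"
    if out_of_band is None:
        # First contact with nothing to compare against: do not send a password.
        return "unverified"
    if not hmac.compare_digest(out_of_band, presented):
        # The server answering is not the one whose key was read out of band.
        return "mismatch"
    pins[host] = presented
    return "pinned"


def sample_key(seed: bytes) -> bytes:
    """Constructed stand-in for an RSA host key blob (not a real router key)."""
    modulus = b"\x00" + hashlib.sha512(seed).digest() * 4
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)


ROUTER_KEY = sample_key(b"constructed router key")
OTHER_KEY = sample_key(b"constructed impostor key")

if __name__ == "__main__":
    pins = {}
    console_fp = fingerprint(ROUTER_KEY)  # assumed to be read from the console port
    for key, oob in [(ROUTER_KEY, None), (OTHER_KEY, console_fp),
                     (ROUTER_KEY, console_fp), (OTHER_KEY, None)]:
        print(check_host_key(pins, "rtr1.example.net", key, oob))
```
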