SSH is available for a subset of Cisco routers. However, it is worth
logging onto the Cisco website because there have been weaknesses
identified in the SSH implementation. However, in later releases of IOS
these should have now been fixed.

Here is a brief overview of SSH support taken from the Cisco website:

Summary

Four different Cisco product lines are susceptible to multiple
vulnerabilities discovered in the Secure Shell (SSH) protocol version
1.5. These issues have been addressed, and fixes have been integrated
into the Cisco products that support this protocol.
By exploiting the weakness in the SSH protocol, it is possible to insert
arbitrary commands into an established SSH session, collect information
that may help in brute force key recovery, or brute force a session key.


Affected product lines are: 

All devices running Cisco IOS® software supporting SSH. This includes
routers and switches running Cisco IOS software. 
Catalyst 6000 switches running CatOS. 
Cisco PIX Firewall. 
Cisco 11000 Content Service Switch family. 

No other Cisco products are vulnerable. 

It is possible to mitigate this vulnerability by preventing, or having
control over, the interception of SSH traffic.

Many of these vulnerabilities have now been closed in subsequent
software releases. All the information you will need to determine SSH
support and detailed security alerts is available at the following URL
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html . This URL
also provides information on the devices which won't support SSH. 

I hope this helps.

Cheers,

Mark Searle
Executive Consultant
Network Solutions & OSS Integration
KPMG Service Provider Solutions
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Led Slinger [mailto:[EMAIL PROTECTED]]
Sent: 07 January 2002 16:23
To: [EMAIL PROTECTED]
Subject: Securing Access to Cisco Routers


I have been tasked with finding a solution to replace telnet for router 
access to a large group of Cisco Routers.  Is SSH available for Cisco 
Routers or does anyone have a preferred solution for doing away with 
the vulnerability associated with telnet and core infrastructure 
components?

Leds....

-- 
There's nothing wrong with Windows until you install it........

