Like I said, if an attacker is already in your firewall it's game over. Not having an SSH client isn't going to stop what comes next. <g> I'm all for security, however sometimes when troubleshooting customer issues from the firewall it would be a nice feature to have...

Thanks,
Steve Di Bias- CCIE #32840

On Tue, Feb 19, 2013 at 4:21 PM, Matt Hill <[email protected]> wrote:

> The fact that this host would be "trusted" AND also being able to ssh
> from (ie have its key trusted too) is one of those.
>
> I am all in favour of my devices not having ssh clients on them. This
> does not detract from the fact one should have inbound ACLs on your
> VTYs :)
>
> Cheers,
> Matt
>
> CCIE #22386
> CCSI #31207
>
> On 20 February 2013 10:58, Steve Di Bias <[email protected]> wrote:
> > Assuming someone hacks into your ASA, having an embedded SSH client would be
> > the least of your worries
> >
> > On Tuesday, February 19, 2013, Piotr Matusiak wrote:
> >>
> >> This is NOT a missing feature. There is no TELNET/SSH client on purpose. I
> >> wouldn't like my ASA to become a hop point to the rest of my network if
> >> someone breaks in.
> >>
> >> Regards,
> >> Piotr
> >>
> >> On 2/19/13 10:45 PM, Jimmy Larsson wrote:
> >>
> >> That has annoyed me since forever as well...
> >>
> >> http://nat0.net/another-missing-asa-feature-telnet-and-ssh-client/
> >>
> >> Best regards
> >> Jimmy
> >>
> >> 2013/2/19 cisco 2006 <[email protected]>
> >>
> >> ----- Forwarded Message -----
> >> From: cisco 2006 <[email protected]>
> >> To: "[email protected]" <[email protected]>
> >> Sent: Tuesday, 19 February 2013, 20:32
> >> Subject: Fw: SSH session
> >>
> >> Dear Sir,
> >>
> >> I'm preparing for CCIE Security using IPexpert materials, and I have a
> >> question about ssh session. The question is:
> >> Can I open ssh from cisco asa to another like a switch?
> >>
> >> Best Regards,
> >> Israa
> >>
> >> _______________________________________________
> >> For more information regarding industry leading CCIE Lab training, please
> >> visit www.ipexpert.com
> >>
> >> Are you a CCNP or CCIE and looking for a job? Check out
> >> www.PlatinumPlacement.com
> >>
> >> --
> >> -------
> >> Jimmy Larsson
> >> http://nat0.net
> >> -------
> >
> > --
> > Thanks,
> > Steve Di Bias- CCIE #32840
