While going through the Cisco website for info on setting up ssh on some
test routers, I found references to 168-bit (3DES) ssh. I've only been able
to find 168-bit IOS'es for ubr's. Does anyone know if 168-bit ssh is
available for non-broadband routers?
I have 56-bit (DES) ssh running on our test routers. Has anyone had any
problems using these "T" releases (12.1(1)T, 12.1(2)T, or 12.1(3)T) in
production?
Mike
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Nagy
> Sent: Monday, August 14, 2000 7:08 PM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: Syslog thru Firewall
>
>
> Nice idea but, sadly, not an option with Cisco routers. The only
> way you can
> get a level of security is to use something like command
> accounting with aaa
> (TACACS+ only) but that will NOT log things like access-list violations.
>
> Kerberos, where it's supported, is usually only used for
> authentication (it
> appears in AS configs etc). There's a kerberised Telnet app which uses
> encryption built into 11.3 onwards, I think, but only in the
> 56-bit images.
> Now that SSH is available in mainstream 12.1 that should fall by
> the wayside
> anyway.
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, Volante Solutions
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, 15 August 2000 5:39 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: Syslog thru Firewall
> >
> >
> > syslog with Kerberos. Yeah, yeah, flame me, but is it quick
> > and works..
> > :) Just ask Genuity (Site Patrol)
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
