Michael wrote:
>
> m0gely wrote:
>> If you're using an up-to-date sshd, and employ good password practices,
>> what's the point of doing all this? Honest question.
>
> As the OP here's the background story. AND - I'm freshly dragged into this
> problem and suspect I'm not being given all the needed information to
> understand our range of options.
>
> At work we manage several thousand switches and routers.
> We're replacing our management platform with a new one.
> There is an internal requirement to NEVER use clear text protocols.
>
> So to put a new IOS image on a Cisco device we use SCP.
>
> The new management app has two features:
> it has the Cisco devices pull configs, images, everything
> its default port for serving these resources is 8022
>
> Complicating factors:
>
> The Cisco devices cannot be configured to SCP to a different port than 22[1]
> We do normal management via ssh - aka port 22
>
> In order to not confuse the beejesus out of all the groups that currently ssh
> to boxes we are loath to move SSH to a non-standard port.
>
> Therefore:
>
> We want to have the incoming port 22 connection from switches and routers (we
> know the IPs involved) redirected to port 8022 to connect with the management
> app software.
>
>
> [1] If you know otherwise and how, please share.
>
> --
> Michael Rasmussen
> http://www.jamhome.us/
> Be Appropriate && Follow Your Curiosity
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
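
One way to implement the redirect described in the quoted message, as an added example that is not part of the original thread: a shell function that renders an nftables ruleset sending TCP port 22 from a known list of device addresses to local port 8022, while SSH on port 22 stays untouched for every other source. The table and set names, the device list file format and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Device addresses used with it are
# constructed samples; table/set names are hypothetical.

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted-quad with optional /0-32.
valid_ipv4() {
    addr=${1%/*}
    case $1 in
        */*) pfx=${1#*/}
             case $pfx in ''|*[!0-9]*) return 1 ;; esac
             [ ${#pfx} -le 2 ] && [ "$pfx" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_ruleset FILE: FILE lists one device address per line ('#' comments
# allowed). Prints an nftables ruleset; fails on any malformed entry so a
# typo never widens or silently drops the redirect.
render_ruleset() {
    elements=
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        valid_ipv4 "$entry" || { echo "bad address: $entry" >&2; return 1; }
        elements="${elements:+$elements, }$entry"
    done < "$1"
    [ -n "$elements" ] || { echo "no devices listed" >&2; return 1; }
    cat <<EOF
table ip mgmt_redirect {
    set netdevices {
        type ipv4_addr
        flags interval
        elements = { $elements }
    }
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        ip saddr @netdevices tcp dport 22 redirect to :8022
    }
}
EOF
}
# Usage: render_ruleset devices.txt | nft -c -f -    (check only; drop -c to load)
```

Because the redirect is applied in prerouting, any input filtering on the host sees these connections arriving on port 8022, so the filter rules must allow the device addresses to reach 8022 rather than 22.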
