From: Scott Morris (smorris@xxxxxxxxxxxxxx)
Date: Fri Jan 19 2001 - 13:49:35 GMT-3
Ok.. I'm confused now. Using AAA as a user database for telnet logins is
FAR different than running SSH as a protocol. SSH is a Secure telnet (port
22 instead of 23), and requires that the device (PIX or whatever) actually
do payload encryption on each packet sent.
To my knowledge, the PIX software doesn't support this. If it did, or for
those devices that do support SSH, the interaction with a local database
(username) or AAA is irrelevant to the end result. Authentication can
happen any which way, but whether it's secure or not is a different
question...
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Andrew G. Mason
Sent: Friday, January 19, 2001 11:05 AM
To: Aamir Waheed; ccielab@groupstudy.com
Subject: RE: SSH on the PIX..!!
I have configured SSH on the PIX numerous times.
You have to use TACACS+ or RADIUS as there is no support for a local user
database.
Cheers
Andrew..
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Sam Munzani
Sent: 19 January 2001 15:43
To: Aamir Waheed; ccielab@groupstudy.com
Subject: Re: SSH on the PIX..!!
I don't think the PIX can have a local database like routers. The cheapest way
is to have aaa commands in the PIX with RADIUS auth. Have a Windows 2000 server
loaded with RADIUS services. This will let the PIX authenticate to the Windows
2000 user database.
Sam
> Hi All,
>
> Is it possible to configure user authentication without using any
> authentication servers with SSH on PIX? If yes, how do I go about it? I know
> on the router you can give aaa authentication local and define the username
> and passwords, but on the PIX it's not taking the same aaa command.
>
> Would appreciate if you could send me a reply directly as well.
> Best Regards,
> Aamir