Re: SSH on the PIX..!!

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Fri Jan 19 2001 - 14:02:49 GMT-3

• Next message: Ron Zirst: "Re: CCIE, is it difficult? is it valuable? just one more IT certification"
• Previous message: Raymond Cheung: "off topic: web sites for Cisco memory/flash?"
• Maybe in reply to: Aamir Waheed: "SSH on the PIX..!!"
• Next in thread: Aamir Waheed: "RE: SSH on the PIX..!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
It works just like telnet authentication and PIX supports that now.

Sam

> Ok.. I'm confused now. Using AAA as a user database for telnet logins is
> FAR different than running SSH as a protocol. SSH is a Secure telnet
(port
> 22 instead of 23), and requires that the device (pix or whatever) actually
> do payload encryption on each packet sent.
>
> To my knowledge, the PIX software doesn't support this. If it did, or for
> those devices that do support SSH, the interaction with a local database
> (username) or AAA is irrelevant to the end result. Authentication can
> happen any which way, but whether it's secure or not is a different
> question...
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Andrew G. Mason
> Sent: Friday, January 19, 2001 11:05 AM
> To: Aamir Waheed; ccielab@groupstudy.com
> Subject: RE: SSH on the PIX..!!
>
>
> I have configured SSH on the PIX numerous times.
>
> You have to use TACACS+ or RADIUS as there is no support for a local user
> database.
>
> Cheers
>
>
> Andrew..
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Sam Munzani
> Sent: 19 January 2001 15:43
> To: Aamir Waheed; ccielab@groupstudy.com
> Subject: Re: SSH on the PIX..!!
>
>
> I don't think PIX can have local database like routers. Cheapest way is
have
> aaa commands in PIX with Radius auth. Have Windows 2000 server loaded with
> Radius services, This will let PIX authentication to windows 2000 user
> database.
>
> Sam
>
>
> > Hi All,
> >
> > Is it possible to configure user authentication without using any
> > authentication servers with SSH on PIX. If yes, how do I go about it, i
> know
> > on the router you can give aaa authentication local and define the
> username
> > and passwords but on the PIX its not taking the same aaa command.
> >
> > Would appreciate if you could send me a reply directly aswell.
> > Best Regards,
> > Aamir
> >
> > -=-=-=-=-=-=-
> >

• Next message: Ron Zirst: "Re: CCIE, is it difficult? is it valuable? just one more IT certification"
• Previous message: Raymond Cheung: "off topic: web sites for Cisco memory/flash?"
• Maybe in reply to: Aamir Waheed: "SSH on the PIX..!!"
• Next in thread: Aamir Waheed: "RE: SSH on the PIX..!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:35 GMT-3