From: Aamir Waheed (aamir_w@xxxxxxxxxxx)
Date: Fri Jan 19 2001 - 19:07:03 GMT-3
Hi Scott,
You are right, and configuring SSH wasn't a problem here nor an issue. What
I was looking for was to be able to get users authenticated (by defining a
local database) without having to use either TACACS or RADIUS, but from what
it seems, I don't have another option.
Hope this answers it,
Regards,
Aamir
>From: "Scott Morris" <smorris@mentortech.com>
>Reply-To: <smorris@mentortech.com>
>To: "'Andrew G. Mason'" <andrew@masontech.com>, "'Aamir Waheed'"
><aamir_w@hotmail.com>, <ccielab@groupstudy.com>
>Subject: RE: SSH on the PIX..!!
>Date: Fri, 19 Jan 2001 11:49:35 -0500
>
>Ok.. I'm confused now. Using AAA as a user database for telnet logins is
>FAR different than running SSH as a protocol. SSH is a Secure telnet (port
>22 instead of 23), and requires that the device (pix or whatever) actually
>do payload encryption on each packet sent.
>
>To my knowledge, the PIX software doesn't support this. If it did, or for
>those devices that do support SSH, the interaction with a local database
>(username) or AAA is irrelevant to the end result. Authentication can
>happen any which way, but whether it's secure or not is a different
>question...
>
>Scott
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Andrew G. Mason
>Sent: Friday, January 19, 2001 11:05 AM
>To: Aamir Waheed; ccielab@groupstudy.com
>Subject: RE: SSH on the PIX..!!
>
>
>I have configured SSH on the PIX numerous times.
>
>You have to use TACACS+ or RADIUS as there is no support for a local user
>database.
>
>Cheers
>
>
>Andrew..
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Sam Munzani
>Sent: 19 January 2001 15:43
>To: Aamir Waheed; ccielab@groupstudy.com
>Subject: Re: SSH on the PIX..!!
>
>
>I don't think the PIX can have a local database like routers. The cheapest
>way is to have aaa commands in the PIX with RADIUS auth. Have a Windows 2000
>server loaded with RADIUS services. This will let the PIX authenticate to
>the Windows 2000 user database.
>
>Sam
>
>
> > Hi All,
> >
> > Is it possible to configure user authentication without using any
> > authentication servers with SSH on the PIX? If yes, how do I go about it?
> > I know on the router you can give aaa authentication local and define the
> > usernames and passwords, but on the PIX it's not taking the same aaa
> > command.
> >
> > Would appreciate it if you could send me a reply directly as well.
> > Best Regards,
> > Aamir
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:36 GMT-3