[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Syslog thru Firewall

To: firewalls@Lists.GNAC.NET
Subject: RE: Syslog thru Firewall
From: Mike Forrester <mikef@pocketlint.com>
Date: Mon, 14 Aug 2000 21:45:10 -0600

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

While going through the Cisco website for info on setting up ssh on some
test routers, I found references to 168-bit (3DES) ssh.  I've only been able
to find 168-bit IOS'es for ubr's.  Does anyone know if 168-bit ssh is
available for non-broadband routers?

I have 56-bit (DES) ssh running on our test routers.  Has anyone had any
problems using these "T" releases (12.1(1)T, 12.1(2)T, or 12.1(3)T) in
production?

Mike

> -----Original Message-----
> From: firewalls-owner@Lists.GNAC.NET
> [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Ben Nagy
> Sent: Monday, August 14, 2000 7:08 PM
> To: 'mht@clark.net'; firewalls@Lists.GNAC.NET
> Subject: RE: Syslog thru Firewall
>
>
> Nice idea but, sadly, not an option with Cisco routers. The only
> way you can
> get a level of security is to use something like command
> accounting with aaa
> (TACACS+ only) but that will NOT log things like access-list violations.
>
> Kerberos, where it's supported, is usually only used for
> authentication (it
> appears in AS configs etc). There's a kerberised Telnet app which uses
> encryption built into 11.3 onwards, I think, but only in the
> 56-bit images.
> Now that SSH is available in mainstream 12.1 that should fall by
> the wayside
> anyway.
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, Volante Solutions
> PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520
>
>
> > -----Original Message-----
> > From: mht@clark.net [mailto:mht@clark.net]
> > Sent: Tuesday, 15 August 2000 5:39 AM
> > To: tony_moran@hotmail.com; firewalls@lists.gnac.net
> > Subject: Re: Syslog thru Firewall
> >
> >
> > syslog with Kerberos.  Yeah, yeah, flame me, but is it quick
> > and works..
> > :)  Just ask Genuity (Site Patrol)
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
>

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: free vs. open -- summary and thanks
Next by Date: RE: Syslog thru Firewall
Prev by thread: RE: Syslog thru Firewall
Next by thread: RE: Syslog thru Firewall
Index(es):
- Date
- Thread