Cisco SSH RE: [rescue] Pathetic TV shows and computers?

[Chris Byrne]

Fogg, James
Sent: To: 'rescue at sunhelp.org'
Subject: RE: [rescue] Pathetic TV shows and computers?
>
>Oh, and you can run SSH on your Cisco's now, but its a huge PITA the way
they do it.

I haven't got my hands on a router running the new IOS image yet, but I have
had TWO different CCIEs tell me that THEY couldn't get the things working
right. I mean how hard is it, foundry, F5, Extreme, Brocade, hell even
Lucent have had at least some products with SSH capability for years.


I wonder if that means that PIXs will finally get a working SSH as well? Of
course It's not quite as bad as Nokia on the IP series of firewalls where
you could only get to most of the functions for administration by the web
interface, yet they didn't include SSL until last year. You could SSH into
the box and run Lynx but no matter what SSH client I tried (or even direct
serial console through Hyperterm, minicom, rvs-com, and SecureCRT) what term
variable I set, what size I used etc... I could never get it to work right.
It would work, It would just be a pain in the ass and take forever.

Of course what really takes the cake is managing a PIX through the Global
Security Manager or whatever they are calling it this month. Its SNMP based.
Yes that's right, the primary management interface for the 'Cisco SecurePIX
Enterprise Security Appliance' is based on the second most insecure
protocol(s) known to man (the UNIX 'r' protocols being the most insecure).
Even better, PIX's suffer from SNMP privilege elevation bugs so even if
you're just monitoring with the damned thing it can still bite your ass.
Doncha love it.