From: Greg Andrews on 18 Apr 2008 14:58

Dave Uhring <daveuhring(a)yahoo.com> writes:
>On Fri, 18 Apr 2008 18:11:06 +0000, Greg Andrews wrote:
>> Dave Uhring <daveuhring(a)yahoo.com> writes:
>
>>>Just absurd, implementing only part of a well established protocol.
>>>
>>>
>> What's absurd is the assumption that the storage of a public key must
>> follow the pattern of Unix ssh implementations on devices that are not
>> Unix.
>
>You are quite right. Cisco is certainly entitled to break generally
>accepted protocols.
>

Perhaps you and I are talking about different things. I would agree
that a previous poster's description of scp failure is a bad thing.
However, I've been talking about the storage of a public key. Which
part of the SSH protocol says that public key storage must be in a file
in a filesystem?

-Greg
--
Do NOT reply via e-mail.
Reply in the newsgroup.

From: Dave Uhring on 18 Apr 2008 17:34

On Fri, 18 Apr 2008 18:58:31 +0000, Greg Andrews wrote:
> Dave Uhring <daveuhring(a)yahoo.com> writes:
>>You are quite right. Cisco is certainly entitled to break generally
>>accepted protocols.
>>
>>
> Perhaps you and I are talking about different things. I would agree
> that a previous poster's description of scp failure is a bad thing.
> However, I've been talking about the storage of a public key. Which
> part of the SSH protocol says that public key storage must be in a file
> in a filesystem?

If not in a file then where? RFC4252 states that public key
authentication is *required* in any SSH implementation and that key must
be kept someplace.

I suppose that Cisco could, at least theoretically, keep the public key
stored in a condom attached to an RJ45 port : >

From: Richard B. Gilbert on 18 Apr 2008 18:04

Dave Uhring wrote:
> On Fri, 18 Apr 2008 18:58:31 +0000, Greg Andrews wrote:
>> Dave Uhring <daveuhring(a)yahoo.com> writes:
>
>>> You are quite right. Cisco is certainly entitled to break generally
>>> accepted protocols.
>>>
>>>
>> Perhaps you and I are talking about different things. I would agree
>> that a previous poster's description of scp failure is a bad thing.
>> However, I've been talking about the storage of a public key. Which
>> part of the SSH protocol says that public key storage must be in a file
>> in a filesystem?
>
> If not in a file then where? RFC4252 states that public key
> authentication is *required* in any SSH implementation and that key must
> be kept someplace.
>
> I suppose that Cisco could, at least theoretically, keep the public key
> stored in a condom attached to an RJ45 port : >

The last time I looked, routers did not come equipped with disk drives!
No file system! Or, at least, none in the usual sense of the
expression. It does have flash PROM, NVRAM, or some reasonable
facsimile where it can store things like passwords and public or private
keys, configuration info, etc. I think floppy disks have more storage!!

From: Ivan Marsh on 18 Apr 2008 18:21

On Fri, 18 Apr 2008 18:04:29 -0400, Richard B. Gilbert wrote:
> Dave Uhring wrote:
>> On Fri, 18 Apr 2008 18:58:31 +0000, Greg Andrews wrote:
>>> Dave Uhring <daveuhring(a)yahoo.com> writes:
>>
>>>> You are quite right. Cisco is certainly entitled to break generally
>>>> accepted protocols.
>>>>
>>>>
>>> Perhaps you and I are talking about different things. I would agree
>>> that a previous poster's description of scp failure is a bad thing.
>>> However, I've been talking about the storage of a public key. Which
>>> part of the SSH protocol says that public key storage must be in a
>>> file in a filesystem?
>>
>> If not in a file then where? RFC4252 states that public key
>> authentication is *required* in any SSH implementation and that key
>> must be kept someplace.
>>
>> I suppose that Cisco could, at least theoretically, keep the public key
>> stored in a condom attached to an RJ45 port : >
>
> The last time I looked, routers did not come equipped with disk drives!
> No file system! Or, at least, none in the usual sense of the
> expression. It does have flash PROM, NVRAM, or some reasonable
> facsimile where it can store things like passwords and public or private
> keys, configuration info, etc. I think floppy disks have more storage!!

My routers have considerably more storage space than a floppy.

PCMCIA Filesystem Compatibility Matrix and Filesystem Information
http://www.cisco.com/en/US/products/hw/routers/ps341/products_tech_note09186a00800a7515.shtml

--
"Remain calm, we're here to protect you!"

From: Greg Andrews on 18 Apr 2008 19:07

Dave Uhring <daveuhring(a)yahoo.com> writes:
>On Fri, 18 Apr 2008 18:58:31 +0000, Greg Andrews wrote:
>> Dave Uhring <daveuhring(a)yahoo.com> writes:
>
>>>You are quite right. Cisco is certainly entitled to break generally
>>>accepted protocols.
>>>
>>>
>> Perhaps you and I are talking about different things. I would agree
>> that a previous poster's description of scp failure is a bad thing.
>> However, I've been talking about the storage of a public key. Which
>> part of the SSH protocol says that public key storage must be in a file
>> in a filesystem?
>
>If not in a file then where?
>

In a database, for example. As long as the ssh server code can retrieve
the key when needed, I don't see where the protocol cares what form the
key storage takes.

I'm not saying that would be a *good* place to store a private key, just
that one could be stored there, and it wouldn't be updatable by merely
uploading a file.

-Greg
--
Do NOT reply via e-mail.
Reply in the newsgroup.
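
Added example, not part of any post in this thread: a sketch of the point debated above, that the RFC 4252 publickey method only needs the server to match the key blob a client offers, so authorized keys can sit in database rows instead of a file. The `KeyStore` class, its table layout and `sample_blob` are hypothetical, and the keys are constructed filler bytes.

```python
import base64, hashlib, sqlite3, struct

def ssh_string(data):
    """Encode one RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_blob(blob):
    """Split an SSH public key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class KeyStore:
    """Hypothetical key store: authorized keys live in table rows, not files."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE authorized_keys (username TEXT, algo TEXT,"
                        " key_blob BLOB, fp TEXT, UNIQUE (username, key_blob))")

    def add(self, username, algo, blob):
        # Reject a blob whose embedded algorithm name disagrees with the label.
        fields = parse_blob(blob)
        if not fields or fields[0] != algo.encode():
            raise ValueError("algorithm name does not match key blob")
        self.db.execute("INSERT INTO authorized_keys VALUES (?, ?, ?, ?)",
                        (username, algo, blob, fingerprint(blob)))

    def is_authorized(self, username, algo, offered_blob):
        # Lookup only: the server must still verify the client's signature
        # over the session identifier before accepting the login.
        row = self.db.execute(
            "SELECT 1 FROM authorized_keys WHERE username=? AND algo=?"
            " AND key_blob=?", (username, algo, offered_blob)).fetchone()
        return row is not None

def sample_blob(fill):
    """Constructed ssh-ed25519 blob (32 filler bytes, not a real key)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(bytes([fill]) * 32)
```

With this layout, adding or revoking a key is a row insert or delete that can be logged and access-controlled separately from file transfer to the device.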