North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
SSH on IOS (was RE: ABOVE.NET SECURITY TRUTHS?)
- From: Jason Ackley
- Date: Fri Apr 28 19:12:18 2000
On Fri, 28 Apr 2000, Greene, Dylan wrote:
> SSH version 1 is apparently supported in 12.0 as well (never played w/ it,
> so dunno how well it works);
It is in some of the 12.0(x) S trains (S == 'service provider')..
I am running 12.0(9)S on some 7507s and they have been doing fine (light
load). There are still some quirks tho at least in the release I am
running:
jason@web1:~$ ssh -l jason -c 3des x.y.z.1
jason@x.y.z.1's password:
r1>show slaveslot0:
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1 .. image F5DA8D1A 6FCD3C 19 7195836 Jan 16 2000 08:31:12
rsp-jv-mz.111-27.CC
2 .. image D8598D7C F7BFD4 23 8909336 Mar 26 2000 09:21:21
rsp-k4pv-mz.120-9.S.bin
Local: Corrupted check bytes on input.
jason@web1:~$
So just dont do a 'show slaveslot0:' over SSH :-) Anyone else have this
problem? Works fine via console or (shudder) telnet..
As far as CPU load(from a show proc cpu):
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
28 640 213 3004 0.00% 0.13% 0.12% 2 SSH Process
This is with little EXEC work, I did a few 'show int' then the 'show proc
cp'.
Memory(show proc mem):
PID TTY Allocated Freed Holding Getbufs Retbufs Process
28 2 603464 596892 13368 0 0 SSH Process
99 0 2089744 1218112 6892 0 0 SSH Event
handle
I would assume that the SSH processing happens only on the main CPU,
would be cool to offload it to one/some of the VIPs..
As far as SSH on other models, if you have ever tried to get IPsec /
crypto working on a 2500, you know why its a bad idea :)
SSH on 6509s , that would be great! Still fighting with the idea of
running real IOS on 6500s, if the real IOS part contains SSH, you can bet
I would upgrade sooner than later. Anyone running 'real' IOS on
6500s? Any gotchas or superbugs?
cheers,
--
jason
|
