Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

SSH on IOS (was RE: ABOVE.NET SECURITY TRUTHS?)

  • From: Jason Ackley
  • Date: Fri Apr 28 19:12:18 2000



On Fri, 28 Apr 2000, Greene, Dylan wrote:

> SSH version 1 is apparently supported in 12.0 as well (never played w/ it,
> so dunno how well it works);

 It is in some of the 12.0(x) S trains (S == 'service provider').. 

 I am running 12.0(9)S on some 7507s and they have been doing fine (light 
 load). There are still some quirks tho at least in the release I am
 running:

jason@web1:~$ ssh -l jason -c 3des x.y.z.1
jason@x.y.z.1's password: 

r1>show slaveslot0:
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name
1   .. image    F5DA8D1A  6FCD3C   19  7195836 Jan 16 2000 08:31:12
rsp-jv-mz.111-27.CC
2   .. image    D8598D7C  F7BFD4   23  8909336 Mar 26 2000 09:21:21
rsp-k4pv-mz.120-9.S.bin

Local: Corrupted check bytes on input.
jason@web1:~$  

So just dont do a 'show slaveslot0:' over SSH  :-) Anyone else have this
problem?  Works fine via console or (shudder) telnet..


As far as CPU load(from a show proc cpu):
 PID  Runtime(ms)  Invoked  uSecs    5Sec   1Min   5Min TTY Process 
 28         640       213   3004   0.00%  0.13%  0.12%   2 SSH Process    

 This is with little EXEC work, I did a few 'show int' then the 'show proc
cp'.

Memory(show proc mem):
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
 28   2     603464     596892      13368          0          0 SSH Process     
 99   0    2089744    1218112       6892          0          0 SSH Event
handle

 I would assume that the SSH processing happens only on the main CPU,
 would be cool to offload it to one/some of the VIPs..

 As far as SSH on other models, if you have ever tried to get IPsec /
 crypto working on a 2500, you know why its a bad idea :)

 SSH on 6509s , that would be great! Still fighting with the idea of
 running real IOS on 6500s, if the real IOS part contains SSH, you can bet
 I would upgrade sooner than later. Anyone running 'real' IOS on
 6500s? Any gotchas or superbugs?


cheers,
--
jason









Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.