automating username/password when ssh to cisco router

Discussion in 'Cisco' started by BertieBigBollox, Apr 16, 2008.

  1. Not sure why the OpenBSD team should be particularly predestined to
    participate in the standardisation of ssh?
    The hallmark of a good conspiracy theory is that it can be neither
    proved nor disproved.

    HTH
    T.
     
    Tilman Schmidt, Apr 20, 2008
    #21
    1. Advertisements

  2. Yes, my point exactly. The Cisco box does not have a file system to
    SCP a file to anyway? Its not UNIX or anything similar - its Cisco
    IOS....
     
    BertieBigBollox, Apr 21, 2008
    #22
    1. Advertisements

  3. OK. Thats that then....
     
    BertieBigBollox, Apr 21, 2008
    #23
  4. Actually, this is not true. The Cisco box does have a file system, and it is
    accessible via scp. Quote from the Fine Manual ("Cisco IOS Security
    Configuration Guide, Release 12.4", chapter "Secure Copy",
    http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hscp.html):

    "Relying on SSH for security, SCP support allows the secure and authenticated
    copying of anything that exists in the Cisco IOS File Systems."

    The reason the scp command above didn't work is simply that
    ".ssh/authorized_keys" is not a valid file name in IOS. The IOS file system
    contains the software images in flash, pseudo files like "startup-config" and
    "running-config", and more. For an introduction, see the document "Using the
    Cisco IOS Integrated File System", to be found at
    http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_filesystem.html
    All these can be transferred from and to the box via tftp, ftp, rcp, or scp,
    should you feel the need.

    But again, all this is beside the point. Even if you would somehow store your
    SSH public key in the Cisco IOS file system (no matter if flash, NVRAM, RAM,
    or somewhere in the config) that wouldn't achieve anything, because the SSH
    implementation in IOS just won't use it. This too can be found in the Fine
    Manual, chapter "Configuring Secure Shell" this time
    (http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/schssh.html)
    which has the following to say, under the aptly named heading "Restrictions":

    "RSA authentication available in SSH clients is not supported in the SSH
    server for Cisco IOS software."

    Sad, but true. And no change in sight.

    HTH
    T.
     
    Tilman Schmidt, Apr 21, 2008
    #24
  5. BertieBigBollox

    Ivan Marsh Guest

    Trash Cisco... good deal.
    If it has NVRAM it has a filesystem... that doesn't necessarily mean you
    have access to that filesystem.
     
    Ivan Marsh, Apr 21, 2008
    #25
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.