SSHv2

[rn4it]

We are wanting to add SSHv2 on our Cisco Router, we have a couple 3640's,2621 and a couple 1600's. I was just wanting to get some idea's as to the best way to acheive this.
thanks in advance
John

 

[gconnect]

cisco routers only support ssh version 1
(last time i checked)

 

[rn4it]

Yes, I have found 2 documents that state that, it also looks like the 1600's aren't supported with SSHv1, and the IOS' that are supported with SSHv1 You need a specific IOS version. Well, if anyone has any other idea's for securing routers, other then SSHv1 or ACL's it would be appreciated.
thanks
John

 

[gconnect]

the applications are platform independent, as i am sure that 1600's can support an ios that will run sshv1. it is purely an ios thing as far as which ios will support ssh.

i usually try to stick with these measures for securing routers i install

turning off all unneeded services
Context Based Access Control or tcp intercept if the ios is not capable
ACLs
IOS IDS
local username and passwd database or AAA (if possible, this is not feasible for most smaller companies without a tacacs or radius server)
ezVPN if they have a dynamic outside addy or LAN2LAN if they have static
rate-limiting inbound traffic (especially icmp)

logging to an internal syslog server or
logging to an external syslog server over the Internet through a IPSecVPN if possible

here's some further help

http://www.nsa.gov/snac/cisco/download.htm

and also check out SANS website

 

[rn4it]

Thanks,gconnect,I'll have to look into to it further re: the 1600's the one document that I have from them didn't list that series as a supported platform for SSH.
thanks again

 

[simonxts]

I've got a 1605 running ios 12.2.16 (c1600-k8osy-mz.122-16.bin)

An this one support SSHv1. I don't think sshv2 will be supported at least for this hwardware platform because it is end of sale.

If you need a configuration sample please let me know !

Simon

 

[rn4it]

Sure that would be great we have a couple 1604's and a couple 1601's.
thanks
Simon