Partially Solved! Re:Multiple ssh keys in known_hosts possible?
Mike Kallies
mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jul 13 13:28:58 UTC 2007
On 7/13/07, Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
...
> And finally, since you're only using one pair of SSH accounts, only
> allow key-based authentication and do not give out accounts to
> untrusted people. This is external facing, people will try strange
> things.
Whoops, I guess most of that was directed toward Madison. I'm not
quite awake yet.
For the PIX, try to use different ports and different hostnames in
/etc/hosts on the automation server.
e.g.
/etc/hosts
192.168.5.5 routera
192.168.5.5 routerb
Then something like:
ssh -p 6622 cfgbkp@routera {...commands...}
ssh -p 6623 cfgbkp@routerb {...commands...}
On the firewall, you'd redirect 6622 to routera, 6623 to routerb.
I really don't like the idea of externally facing ssh on a router.
Another shoestring budget right? :-)
You'd be better off having a script trigger from inside the
environment to encrypt the config and send it in an email. Then you
don't need to expose SSH.
-Mike
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
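An added example, not part of the original post: a small Python audit of a known_hosts file for the alias-plus-port layout suggested above, checking that each router alias pins exactly one host key. The sample file contents, placeholder key blobs and function names are constructed for illustration, and it assumes the `[host]:port` form OpenSSH uses in known_hosts for non-default ports.

```python
import re

# Constructed sample known_hosts for the setup in the post: one firewall
# address, two forwarded ports. Key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
[routera]:6622,[192.168.5.5]:6622 ssh-rsa PLACEHOLDERKEYA
[routerb]:6623,[192.168.5.5]:6623 ssh-rsa PLACEHOLDERKEYB
"""
# Constructed counter-example: both devices recorded under one bare name.
FLAT = """\
192.168.5.5 ssh-rsa PLACEHOLDERKEYA
192.168.5.5 ssh-rsa PLACEHOLDERKEYB
"""

def lookup_token(host, port=22):
    """Name used for lookup: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def entries(text):
    """Yield (patterns, keytype, key) for plain entries only."""
    for line in text.splitlines():
        line = line.strip()
        # Comments, hashed names (|1|...) and @marker lines are out of scope.
        if not line or line[0] in "#|@":
            continue
        fields = line.split()
        if len(fields) >= 3:
            yield fields[0].split(","), fields[1], fields[2]

def _match(pattern, token):
    # known_hosts patterns use only * and ? as wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, token) is not None

def pinned_keys(text, host, port=22):
    """Return the set of (keytype, key) pairs on file for this host/port."""
    token = lookup_token(host, port)
    found = set()
    for patterns, keytype, key in entries(text):
        pos = [p for p in patterns if not p.startswith("!")]
        neg = [p[1:] for p in patterns if p.startswith("!")]
        if any(_match(p, token) for p in pos) and not any(_match(n, token) for n in neg):
            found.add((keytype, key))
    return found

def is_uniquely_pinned(text, host, port=22):
    """True when exactly one key is on file for this host/port."""
    return len(pinned_keys(text, host, port)) == 1
```

Run against the automation account's real known_hosts, a `False` from `is_uniquely_pinned` for a router alias means more than one key (or none) is on file for that name and port.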