Re: [nsp] 3DES SSH IOS

From: Pete Kruckenberg (pete@kruckenberg.com)
Date: Tue Jul 16 2002 - 18:25:42 EDT


Hi Sean.

We have been running 3DES on 7500 and 12000 with general
success. What we have found is that if you can get it to
boot, it generally works. We have had some problems just
getting some versions to boot, but that hasn't been
restricted to just 3DES versions. We have tested 12.0S, and
12.1 and 12.2 main-line releases.

The CPU load doesn't seem to be impacted noticeably by 3DES
(we're just using it for SSH, no encrypted tunnel
terminations).

It is reassuring (to us and our customers) to know that
passwords, enable secrets and configurations can't be
sniffed (as easily).

We have tested SSH authentication with TACACS+ (normal and
SecurID-enabled systems); it works perfectly. We did some
limited testing with RADIUS-authenticated SSH but the
results aren't very scientific.

Pete.

On Tue, 16 Jul 2002, Me wrote:

> Date: Tue, 16 Jul 2002 14:33:42 -0600 (MDT)
> From: Me <smentzer@mentzer.org>
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] 3DES SSH IOS
> Resent-Date: Tue, 16 Jul 2002 16:36:29 -0400
> Resent-From: cisco-nsp@puck.nether.net
>
> Does anyone have anything good/bad to say about the 3DES SSH images for
> Cisco routers? I am interested in experiences with 7500/10000/12000
> images particularly.
>
> Thanks.
>
> -sean
> Spoon!
>


