> It sounds like you want some extra security whilst transferring configs to
> and from your routers. However whether you have opened an SSH
> connection to your router or not, its STILL TFTP, and hence no encryption.
You do not need to used TFTP. FTP support has been in IOS since 12.0. So
that helps harden server vulnerabilities. For securing capture in flight, we
have SCP. SCP and the SSHv1 coded for 12.0(21)S. SSH for VTY ports was also
included. It was already in 12.2(2)T:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122
t/122t2/ftscp.htm
Here some of the new commands added ..
-----
A single new command will be added to enable scp server-side functionality:
[no] ip scp server enable
In order to copy a file to (or from) IOS from an external scp client, the
scp
serv-side functionality needs to be enabled.
The client-side functionality is hooked into the IOS 'copy' command via a
new
URL: scp://[username@]hostname/path
For example:
copy flash:c4500-ik2s-mz.scp scp://vilhuber@irp-view5/
-----
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:53 EDT