[nsp] permit vty ssh, no telnet for some users ?

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Mon Apr 26 15:09:11 EDT 2004




good answer.

this still doesn't address the concept of restricting 
the access by a specific user not an ip address?

the rsvp to just use ssh would be the most prudent.

still, the issue of user-based control is not present in this
solution. 

the solution exists on the clients not on infrastructure boxes which
by rights ought not to have to perform this type of operation.

let the system admins do it as they are the implementors of
data access policy.

/* piranha */


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Richard Danielli
Sent: Monday, April 26, 2004 11:15 AM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] permit vty ssh, no telnet for some users ?


Matthew,

What about providing an IP address and an IP address secondary, then use
ACLs to restrict what lands where, and then hand out the different IP
addresses to how that person is supposed to access the device as per your
preference.

of course if everyone is coming from the same SRC IP then you are probably
NATing which means that you can set up rules on the client side.

OR

Simply just have everyone use SSH.
-rd-

--
Richard Danielli
Founder/President
eSubnet Enterprises Inc.
TORONTO, ON
Canada
(416) 203-5253
c: (416) 525-6148
http://www.eSubnet.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of matthew zeier
> Sent: Monday, April 26, 2004 1:21 PM
> To: michael earls; Voll, Scott; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] permit vty ssh, no telnet for some users ?
>
>
> Was looking for something that would allow one user to telnet and require
> everyone else to ssh from the same src address.
>
> Apparently this isn't possible.
>
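
The two options suggested in this thread, sketched as IOS configuration. This is an added example, not configuration posted by anyone on the list; the interface name, the 192.0.2.0/24 documentation addresses and the ACL name MGMT-IN are assumptions chosen for illustration.

```cisco
! Constructed example. 192.0.2.0/24 is a documentation range; the
! interface, addresses and the ACL name MGMT-IN are placeholders.
!
! Option 1: primary and secondary address, one protocol allowed on each
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip address 192.0.2.2 255.255.255.0 secondary
 ip access-group MGMT-IN in
!
ip access-list extended MGMT-IN
 remark primary address accepts SSH only
 permit tcp any host 192.0.2.1 eq 22
 deny   tcp any host 192.0.2.1 eq telnet
 remark secondary address accepts telnet only
 permit tcp any host 192.0.2.2 eq telnet
 deny   tcp any host 192.0.2.2 eq 22
 remark leave all other traffic through this interface untouched
 permit ip any any
!
line vty 0 4
 login local
 transport input telnet ssh
!
! Option 2: everyone uses SSH, telnet is not accepted on the vty lines
line vty 0 4
 login local
 transport input ssh
```

The ACL in option 1 matches on destination address and port only, so it separates protocols by address, not by user, and anyone who learns the secondary address can still reach telnet. It is also applied inbound on one interface, so connections to these addresses that arrive through another interface are not filtered by it.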
