[c-nsp] How to easily and securely pull configuration from a PIX/ASA

Church, Charles cchurc05 at harris.com
Wed Dec 5 13:08:53 EST 2007


I could be wrong, but I think that any remote access (SSL/SSH/SCP) is
going to require a username/password combo.  Of course, those protocols
can be limited to source IPs.  I don't believe you can limit a protocol
to a certain command.  You can with TACACS (not sure if supported on
ASA) using authorization though.  But I think you're stuck if you want
to only use an SSH public/private key to authenticate.  I'm far from being
an AAA/RSA expert though...

Chuck 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marc Haber
Sent: Wednesday, December 05, 2007 12:32 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] How to easily and securely pull configuration
from a PIX/ASA


On Wed, Dec 05, 2007 at 09:46:53AM -0600, Church, Charles wrote:
> What if you enable SCP server on the ASA, and then pull it via SCP
> get?

Is it possible to authenticate with an ssh key, with the key limited
to a single source IP, and to only be allowed to scp get the running
config?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

