[c-nsp] How to easily and securely pull configuration from a PIX/ASA
John Kougoulos
koug at intracom.gr
Fri Dec 7 11:20:38 EST 2007
> The only option I can think of here is for you to grant access to a
> userid that is allowed to run 'copy running-config
> tftp://aaa.bbb.ccc.ddd/upload/pix.cfg' where aaa.bbb.ccc.ddd is the IP
> of the authorized TFTP server on a secured portion of your LAN. That
I think that you could also use kron to write via tftp/rcp/whatever to
a server, although I haven't tried it.
Also, you could have an expect script running as a daemon that would ask
for the username/password at start and store it only in memory in an
encrypted but reversible format (e.g. XOR) while running
(or for the gpg key for an encrypted file with passwords). You could also
use show tech to avoid the storage of the passwords, etc.
John
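
Added example, not part of the original message: a Python sketch of the "ask at start, keep only in memory, XOR-masked" idea for a long-running collection daemon. The class and function names are hypothetical, and the XOR pad is obfuscation against casual string searches of memory or core dumps, not protection from anyone who can read the whole process.

```python
import getpass
import os


class MaskedSecret:
    """Keep a secret XOR-masked with a random pad of the same length.

    Obfuscation only: the pad and the masked bytes live in the same process.
    """

    def __init__(self, secret: str):
        # Note: the immutable str passed in lingers until Python frees it.
        raw = bytearray(secret.encode("utf-8"))
        self._pad = bytearray(os.urandom(len(raw)))
        self._masked = bytearray(a ^ b for a, b in zip(raw, self._pad))
        raw[:] = bytes(len(raw))  # zero our temporary plaintext copy

    def use(self, fn):
        """Unmask into a scratch buffer, pass it to fn, then zero the buffer."""
        plain = bytearray(a ^ b for a, b in zip(self._masked, self._pad))
        try:
            return fn(plain)
        finally:
            plain[:] = bytes(len(plain))

    def wipe(self) -> None:
        """Zero pad and masked bytes, e.g. on shutdown."""
        self._pad[:] = bytes(len(self._pad))
        self._masked[:] = bytes(len(self._masked))


def prompt_credentials(ask_user=input, ask_pass=getpass.getpass):
    """Ask once at daemon start; nothing is written to disk."""
    user = ask_user("Username: ")
    return user, MaskedSecret(ask_pass("Password: "))


if __name__ == "__main__":
    user, pw = prompt_credentials()
    try:
        # Stand-in for the device login step: report the length only.
        print(user, pw.use(len))
    finally:
        pw.wipe()
```
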