[c-nsp] SSH Authorized Keys?

Darryl Dunkin ddunkin at netos.net
Fri May 9 14:33:16 EDT 2008


This is what local backup logins are for; you can revert to passwords in
the rare case it is needed (while having the convenience the other 99.9%
of the time). Same deal with TACACS: if your servers are unreachable,
you can still log in using a local login/password from the NVRAM.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Colin Whittaker
Sent: Friday, May 09, 2008 10:41
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SSH Authorized Keys?

On Fri, May 09, 2008 at 04:59:52PM +0100, Phil Mayers wrote:
> I've never heard a good justification from Cisco as to why. Does anyone
> know if a bug/feature request was ever opened?

The answer I have heard from Cisco is that doing so would place a
runtime dependency on the storage.
It is reasonably safe to erase the nvram and format the flash on a
running box. If your authorised keys file was on the flash or nvram then
it failing would lock you out of the device.

You could put the keys into the config but the config could get messy. 

Colin
-- 
Colin Whittaker					+353 (0)86 8211 965
http://colin.netech.ie			            colin at netech.ie
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

