I'm looking for a secure (i.e. strongly authenticated and encrypted)
transport mechanism for software and configuration management in LMS
3.1. Regarding firewalls, this is even a requirement for me, since it
is what our local firewall policy demands.
SCP transport sounds promising, at least for configuration archive and
SW image transfer. Unfortunately it is not supported by Cisco's firewall
devices (ASA, FWSM, and PIX). On IOS devices I've seen that it is
utterly broken - there are ^Ms instead of linefeeds in the archived
files (no, I'm not running LMS on MacOS!) and banner termination
characters get lost, making the following commands look like part of the banner.
SSH would be my next candidate. This sometimes works quite reasonably,
although there's a frightening number of bugs, some of which are still
not fixed. I've hit another one which is not in BugTool, yet. But having
a closer look, I found out that SSH transport may also mean that the
actual data is transferred using TFTP! IMHO this is a really deceptive
naming scheme. I've also seen that RME tries to use telnet first,
although SSH is the primary transport in my configuration.
So how's my chance to see this mess cleaned up in the next 12 months and
to get a decent transport implementation conforming to my requirements?
How do others think about this? Am I just too demanding and should I be
happy that there's still telnet support in LMS3.1?