Accessing remote console with ssh instead of telnet

jldediego
Level 1

Hi all.

How can I configure pix 520 to access the remote console through an interface via ssh instead of telnet?

Thanks in advance.

José Luis.

8 Replies

rob
Level 1

Here is the config I use:

domain-name mydomain.com

ca generate rsa key 512

ssh 150.1.1.0 255.255.255.0 outside

ca save all

To clear the rsa key and start over:

ca zeroize rsa

I wouldn't go with such a small key though. Try 1024 or above as a minimum.

Hi Rob.

The matter is that the most recent version for pix software we have is 5.0.3, so that ssh command is not available in that version.

Would you know of another alternative configuration?

Thanks a lot in any case.

José Luis De Diego.

The only choices you have are to upgrade the code or add a box that allows only ssh to it (maybe a Linux box), then have the PIX only allow telnet from that box.

Just a Thought

Well there are a couple of ways to get to your PIX from the world that I know of.

The first, which is less secure, is to use a static nat to a private IP on your LAN, and then allow some sort of remote control (VNC, Netmeeting, Terminal Service, PCAnywhere, etc.) traffic through to that private IP. Once you remote control the PC on your LAN you can telnet to the inside interface of your PIX.

The other way is to VPN through your PIX to your LAN and then remote control a PC on your LAN, then telnet to the inside interface of your PIX. This is much more secure because all traffic is encrypted.

I'm sure there are other ways, but I hope this helps!

Rob

srittenberg
Level 1

Telnet is not secure. You should only configure to allow telnet from the inside, not the outside interface. For the outside, ssh should be the only thing that's allowed. To configure ssh:

ssh ip-allowed 255.255.255.255 outside

You may use an ssh client like SecureCRT or use telnet on port 22.

For example: telnet 192.168.10.10 22
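As an added illustration, not from this thread or from Cisco, here is a small Python audit that reads a PIX-style config and flags the weaknesses the replies above call out: an RSA key under 1024 bits, telnet permitted on any interface other than inside, and an ssh or telnet statement open to any source address. The sample config is constructed from the lines quoted by Rob and srittenberg plus two constructed telnet lines; the thresholds and interface name are assumptions.

```python
import re
from typing import List

# Constructed sample PIX config, built from the commands quoted in this thread
# plus two constructed telnet access statements for the audit to exercise.
SAMPLE_CONFIG = """\
domain-name mydomain.com
ca generate rsa key 512
ssh 150.1.1.0 255.255.255.0 outside
telnet 0.0.0.0 0.0.0.0 outside
telnet 10.1.1.5 255.255.255.255 inside
ca save all
"""

MIN_RSA_BITS = 1024          # minimum key size recommended in the thread
TRUSTED_IFACE = "inside"     # assumption: telnet is tolerated only here

# Only the four-token "telnet|ssh <addr> <mask> <interface>" form used in
# the thread is parsed; other syntax variants are ignored by this audit.
ACCESS_RE = re.compile(r"^(telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")
RSA_RE = re.compile(r"^ca generate rsa key (\d+)$")


def audit_pix_config(config: str, min_rsa_bits: int = MIN_RSA_BITS) -> List[str]:
    """Return human-readable findings about remote-console access in a PIX config."""
    findings = []
    ssh_seen = False
    for raw in config.splitlines():
        line = raw.strip()
        rsa = RSA_RE.match(line)
        if rsa:
            bits = int(rsa.group(1))
            if bits < min_rsa_bits:
                findings.append(f"rsa key {bits} bits is below {min_rsa_bits}")
            continue
        acc = ACCESS_RE.match(line)
        if not acc:
            continue
        proto, addr, mask, iface = acc.groups()
        if proto == "ssh":
            ssh_seen = True
        if proto == "telnet" and iface != TRUSTED_IFACE:
            findings.append(f"telnet permitted on {iface} interface from {addr}/{mask}")
        if mask == "0.0.0.0":
            findings.append(f"{proto} on {iface} permits any source address")
    if not ssh_seen:
        findings.append("no ssh access statement configured")
    return findings


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print(finding)
```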

Ok, now I have a good overview of the problem.

Thanks to all. The problem I had was just the possible sniffers from inside users. Unfortunately our structured and horizontal cabling doesn't allow me to separate easily the management segment from other users' ones. But I still can ssh a secure box at another secure segment, and from that telnet securely the firewalls. Always from inside or DMZ interfaces. I think it's the easiest and quickest way. The VPN is the best solution, but not immediate, unfortunately.

Thanks a lot to all.

Greetings and regards.

José Luis De Diego.