Cisco Cisco MGX 8880 Media Gateway
5
Release Notes for Cisco MGX 8880 Software Release 5.3.00
Part Number OL-8892-01 Revision B0, October 23, 2006
Release 5.3.00 Features and Enhancements
•
Release Notes for Cisco MGX Route Processor Module (RPM-XF) Cisco IOS Release 12.4(6)T for
PXM45-based Switches, Release 5.3.00
PXM45-based Switches, Release 5.3.00
–
Secure Shell (SSH) section
Disabling Telnet and FTP
By default, the PXM45 permits unsecured access from Telnet and FTP clients, as well as secure access
from SSH and SFTP clients. A new option (16) of the cnfndparm command, along with an existing
option (15), disables unsecured Telnet and FTP access from remote hosts, while permitting secure SFTP
and SSH sessions.
from SSH and SFTP clients. A new option (16) of the cnfndparm command, along with an existing
option (15), disables unsecured Telnet and FTP access from remote hosts, while permitting secure SFTP
and SSH sessions.
If you plan to use SFTP and SSH on the PXM45, you should consider disabling FTP and Telnet access
to improve security. Telnet and FTP transfer all user ID, password, and session management information
between the client and the PXM45 using clear text. Clear, or unencrypted, text can be read by network
analysis and snooping tools.
to improve security. Telnet and FTP transfer all user ID, password, and session management information
between the client and the PXM45 using clear text. Clear, or unencrypted, text can be read by network
analysis and snooping tools.
Initializing SFTP
Upgrading PXM software is not sufficient to initialize and enable the SFTP feature. You must initialize
the sshd_config file and reset the MGX chassis. Because resetting a chassis can interrupt traffic, you
should initialize SFTP before upgrading software so you don’t need to reset it later.
the sshd_config file and reset the MGX chassis. Because resetting a chassis can interrupt traffic, you
should initialize SFTP before upgrading software so you don’t need to reset it later.
To initialize SFTP, perform the following steps:
Step 1
Initiate an FTP session with the PXM card.
Step 2
Change to the F:/SSHD directory.
Step 3
Get the sshd_conf file from the F:/SSHD directory.
Step 4
Append the line subsystem sftp sftp to the file.
Step 5
Put the sshd_conf file into the F:/SSHD directory.
Step 6
Proceed with the normal software upgrade procedure. Alternatively, enter the resetsys command to reset
the chassis.
the chassis.
Note
The resetsys command interrupts all traffic on the MGX chassis.
Option 15
Type yes to disable Telnet access to this switch. Type no to enable Telnet access.
Default: no (Telnet access is enabled)
Option 16
Type yes to disable unsecured access to this switch, either Telnet or FTP. Changing this
option from no to yes automatically changes Option 15 to yes. Changing from yes to
no has no affect on Option 15.
option from no to yes automatically changes Option 15 to yes. Changing from yes to
no has no affect on Option 15.
Default: no (Unsecured access is enabled)