RANCID is a tool for backing up network device configurations and versioning the backups. It was originally intended to back up Cisco configurations. It does this by logging in to the devices using either telnet or ssh and then running a series of commands. In a default setup it runs multiple commands and captures the output of each one. We don’t need all this information; in fact we only want to store the configuration, so we only need to grant the user one command: “show running-config”.
I recently had to install a new HP c7000 chassis with 16 half height blades.
This came with 4 Cisco 3020 switches in the back, 2 for normal network traffic and 2 for the iSCSI fabric. This was to be placed in a PCI environment and so had to meet PCI requirements.
PCI DSS states:
2.3 Encrypt all non-console administrative access using strong cryptography. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.

So we need to encrypt the management access to the switches; by default the Cisco IOS doesn’t support SSH or HTTPS encryption.
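Since RANCID keeps a copy of each running-config, the saved file can be checked against requirement 2.3. The following is an added example, not part of the original post or of RANCID: the function name and the sample configuration are constructed for illustration, and it assumes that a vty block with no "transport input" line still permits telnet.

```python
import re

# Constructed sample of a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname blade-sw1
ip http server
ip http secure-server
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

def audit_management_access(config: str) -> list[str]:
    """Return findings for unencrypted non-console management access."""
    findings = []
    current_vty = None   # header of the vty block currently being read
    transport = {}       # vty header -> set of allowed input protocols
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):      # a top-level line ends any block
            current_vty = None
            if re.fullmatch(r"ip http server", line):
                findings.append("plain HTTP management enabled: 'ip http server'")
            if re.fullmatch(r"line vty \d+(?: \d+)?", line):
                current_vty = line
                transport[current_vty] = None
        elif current_vty:
            m = re.fullmatch(r"transport input (.+)", line.strip())
            if m:
                transport[current_vty] = set(m.group(1).split())
    for vty, protos in transport.items():
        if protos is None:   # assumption: no explicit setting permits telnet
            findings.append(f"{vty}: no 'transport input' line, assumed to permit telnet")
        elif not protos <= {"ssh", "none"}:
            findings.append(f"{vty}: allows {' '.join(sorted(protos))}, expected ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit_management_access(SAMPLE_CONFIG):
        print(finding)
```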