IETF-SSH archive
Re: [Netconf] I-D Action: draft-ietf-netconf-reverse-ssh-00.txt
----- Original Message -----
From: "Martin Bjorklund" <mbj%tail-f.com@localhost>
To: <ietfc%btconnect.com@localhost>
Cc: <kwatsen%juniper.net@localhost>; <jhutz%cmu.edu@localhost>; <ietf-ssh%NetBSD.org@localhost>;
<netconf%ietf.org@localhost>
Sent: Wednesday, June 26, 2013 11:08 AM
> t.petch <ietfc%btconnect.com@localhost> wrote:
> > I am really confused. If the device/netconf server will not allow
> > inbound SSH connections, then I cannot see how your I-D can work. It
> > has the device setting up a TCP connection on a port which signals to
> > the Netconf client/NMS to make an SSH connection to the Netconf
> > server/device
>
> No, the device sets up the TCP connection, and then the SSH protocol
> is run on this connection.
>
> o The NETCONF client accepts an incoming TCP connection and
> immediately starts the SSH client protocol.
>
> This can probably be made more clear in the text...
Martin
Yes! That is exactly what I said. But what I also said is that Kent says
"It works fairly well for automating the discovery of devices with static IPs
on a reachable network, but not at all when the devices are behind a
firewall that won't allow inbound SSH connections."
Works not at all .. when the devices are behind a firewall.
So if devices behind a firewall is a requirement, then the design fails
to meet it.
If that is not a requirement, why has Kent raised it (and it has been
raised before)?
This should confuse everyone (not just me:-)
Tom Petch
>
>
> /martin
>
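The connection flow described in the quoted reply above (the device opens the TCP connection, and the NETCONF client that accepted it then starts the SSH client protocol), shown as an added example that is not part of the original thread or of the draft. It runs both ends over loopback and stops after the RFC 4253 identification-string exchange; the identification strings and function names are constructed for illustration.

```python
import socket
import threading

# Constructed identification strings in RFC 4253 section 4.2 format;
# the software names are placeholders, not real products.
CLIENT_IDENT = b"SSH-2.0-example_nms_client\r\n"
SERVER_IDENT = b"SSH-2.0-example_device_server\r\n"


def read_ident(sock):
    """Read one CRLF-terminated SSH identification line (at most 255 bytes)."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) >= 255:
            raise ConnectionError("no valid SSH identification line")
        buf += chunk
    if not buf.startswith(b"SSH-2.0-"):
        raise ConnectionError("peer is not speaking SSH 2.0")
    return buf.rstrip(b"\r\n").decode("ascii")


def device_call_home(nms_addr, result):
    """Device side: initiates TCP (outbound only) but takes the SSH server role."""
    with socket.create_connection(nms_addr, timeout=5) as s:
        s.sendall(SERVER_IDENT)
        result["device_saw"] = read_ident(s)
        # A real device would continue with SSH server key exchange here.


def run_exchange():
    """NMS side: listens for TCP but takes the SSH client role on the accepted socket."""
    result = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as lsock:
        lsock.bind(("127.0.0.1", 0))  # loopback, ephemeral port
        lsock.listen(1)
        lsock.settimeout(5)
        t = threading.Thread(target=device_call_home,
                             args=(lsock.getsockname(), result))
        t.start()
        conn, _peer = lsock.accept()  # the only inbound TCP is at the NMS
        with conn:
            conn.settimeout(5)
            conn.sendall(CLIENT_IDENT)
            result["nms_saw"] = read_ident(conn)
            # A real NMS would hand `conn` to its SSH client code here.
        t.join()
    return result


if __name__ == "__main__":
    print(run_exchange())
```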