I found this on a blog:
Another missing ASA-feature: telnet and ssh client: “Every single decent Cisco-device on earth has the ability to make a CLI-user jump to another device with telnet or ssh. Except the ASA. I really wish that this feature could be added. Right now I am troubleshooting a firewall and from where I am right now the only way in is to SSH to the ASA. I can do whatever I want inside the firewall from my SSH-window, but I need to access a router inside of that firewall, and if this feature wasn't missing I could simply run ‘ssh ip-address’ to jump to the switch's CLI.
Am I the last CLI-guy on this planet? Please, Cisco?”
My Answer:
The general view from the “security industry” is that implementing telnet / SSH clients on firewalls creates an unacceptable security risk. This is because the client can be used to effectively bypass the firewall: a user can SSH into the firewall and then SSH out from the firewall, which represents a security breach under most corporate security policies.
Because all firewalls are submitted to various standards bodies that agree that such things should not be allowed, most firewalls do not have telnet clients. Look at the Common Criteria Portal for more information.
However, some firewalls do allow the functionality. For example, Juniper NetScreen has a default setting of off, but you can enable it in recent versions. From http://kb.juniper.net/InfoCenter/index?page=content&id=KB13890:
Telnet client on the Juniper firewall is supported starting with ScreenOS 6.2.0 and above.
Previous versions of ScreenOS do not include a Telnet client; therefore, you cannot Telnet from the CLI of a Juniper firewall using firmware 6.1.0, 6.0.0, 5.4.0, etc. See KB5887.
Commands to enable/disable the Telnet client:
set telnet client enable
unset telnet client enable
I don’t know if Cisco has any plans to offer this feature.
(Via Jimmys Cyber Corner.)

