secure router access

Perry E. Metzger perry at piermont.com
Thu May 28 13:05:07 UTC 1998


Curtis Villamizar writes:
> With ssh, the ssh key identity can't be revoked.  Instead you need to
> find all .slogin files for all the accounts on all the machines and
> routers and make sure they aren't listed under an assigned name or a
> pseudoname they chose and didn't tell you about (an impossible task),
> plus ensure that any machine (like their home machine) that they have
> access to doesn't appear in any .shosts files.

A script can do that without much effort.

> Given 1,000 machines (for example) which sounds harder to do?

If you have 1,000 machines, neither is particularly more difficult
than the other. With 1,000 machines, you need a database driven
management system anyway. If you are trying to manually maintain
accounts on 1,000 hosts, you've done something terribly wrong.

Personally, I prefer SSH for a bunch of reasons, but I'll admit that
at this scale, K5 with 3DES would do as good a job. 1DES K4 is *not*
sufficiently secure, though, IMHO.

Perry
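
The "a script can do that" claim above, carried out as an added example (this is not code from the post or from either participant). It audits a tree of home directories for two things: every OpenSSH-style authorized_keys entry whose key blob matches the key being revoked, and every .shosts/.rhosts (or hosts.equiv/shosts.equiv) line that trusts a given host. Matching on the base64 key blob rather than on the comment field is what defeats the "pseudoname they chose" problem raised in the quoted text, since the comment is free text but the blob is the key. The file formats assumed are OpenSSH's `[options] keytype base64 [comment]` for authorized_keys and the classic one-host-per-line rhosts syntax with `+` as a wildcard; the home directories, key blobs and hostnames in `make_sample_tree` are constructed for the demo and are not real keys.

```shell
#!/bin/sh
# Added example: fleet-wide audit for one SSH public key and one trusted host.
# Assumes OpenSSH authorized_keys format and rhosts/shosts format (assumption).

# find_key_users ROOT KEYBLOB
# Prints "path:line" for every authorized_keys entry whose key blob equals
# KEYBLOB, regardless of options prefixed to the line or the comment after it.
find_key_users() {
    root=$1; blob=$2
    find "$root" -type f \( -name authorized_keys -o -name authorized_keys2 \) 2>/dev/null |
    while read -r f; do
        awk -v blob="$blob" -v path="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
            {
                # Options (from=..., no-pty, ...) may precede the key type, so
                # locate the key-type field and compare the field after it.
                for (i = 1; i <= NF; i++) {
                    if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i+1) == blob) {
                        print path ":" NR
                        break
                    }
                }
            }' "$f"
    done
}

# find_host_trust ROOT HOST
# Prints "path:line" for every .shosts/.rhosts/hosts.equiv/shosts.equiv line
# that names HOST (case-insensitively) or trusts every host with a bare "+".
find_host_trust() {
    root=$1; host=$2
    find "$root" -type f \( -name .shosts -o -name .rhosts \
        -o -name shosts.equiv -o -name hosts.equiv \) 2>/dev/null |
    while read -r f; do
        awk -v host="$host" -v path="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }
            {
                h = $1
                sub(/^[-+]/, "", h)   # rhosts allows "+host" / "-host" prefixes
                if ($1 == "+" || tolower(h) == tolower(host)) print path ":" NR
            }' "$f"
    done
}

# make_sample_tree ROOT
# Constructed sample data (fake key blobs, fake hosts) standing in for the
# home directories gathered from a fleet of machines.
make_sample_tree() {
    root=$1
    mkdir -p "$root/alice/.ssh" "$root/bob/.ssh" "$root/ops/.ssh"
    # The target key under the name the user was assigned ...
    printf 'ssh-ed25519 AAAAC3ExampleTargetKeyBlob000 alice@corp\n' \
        > "$root/alice/.ssh/authorized_keys"
    # ... the same key behind options and an unrelated comment, plus another key
    printf 'from="10.0.0.0/8",no-pty ssh-ed25519 AAAAC3ExampleTargetKeyBlob000 backup-job\n' \
        > "$root/bob/.ssh/authorized_keys"
    printf 'ssh-rsa AAAAB3UnrelatedKeyBlob111 bob@corp\n' \
        >> "$root/bob/.ssh/authorized_keys"
    printf '# shared account\nssh-rsa AAAAB3UnrelatedKeyBlob111 bob@corp\n' \
        > "$root/ops/.ssh/authorized_keys"
    printf 'alice-home.example.net alice\n' > "$root/ops/.shosts"
    printf '+\n' > "$root/bob/.rhosts"                        # trusts everyone
    printf 'ALICE-HOME.example.net\n' > "$root/alice/.rhosts" # case differs
}

# Demo: build the constructed tree in a temp dir, audit it, clean up.
DEMO=$(mktemp -d)
make_sample_tree "$DEMO"
echo "entries granting login to the target key:"
find_key_users "$DEMO" AAAAC3ExampleTargetKeyBlob000
echo "files trusting alice-home.example.net (or everyone):"
find_host_trust "$DEMO" alice-home.example.net
rm -rf "$DEMO"
```

On a real fleet the two functions would be run against a snapshot of each host's home directories (or on each host via the configuration-management system Perry alludes to), and the output is the worklist for the revocation. Note what the script cannot see: it finds references to the key and to the host, not copies of the private key itself, and a bare `+` wildcard in an rhosts file is flagged because it trusts the departed user's machine along with every other one.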



More information about the NANOG mailing list