telnet vs ssh on Core equipment, looking for reasons why?
Stephen J. Wilcox
steve at opaltelecom.co.uk
Tue Jul 31 14:16:17 UTC 2001
> > true, but i would point out that if it's your core equipment that you are
> > accessing from your network that sits directly on the core then you should
> > be happy with the fact that no one is eavesdropping and it makes no
> > difference.
>
> not everyone has out-of-band networks for management. Management of
> devices is sometimes done thousands of miles away. Remember also that this
> traffic can be sniffed before it gets to the core (yes, ssh is sniffable
> as well, but just not as easily, and at least it's not in plaintext)

this is in-band. if as you say you are accessing from another network then
this is where the encryption kicks in being useful, however that raises
another question - do you just allow any host to connect providing they
can authenticate? i know my login ports are restricted at both network and
host level to specific authorized addresses...

> > so that's my main logic, authentication... i can't understand the big
> > paranoia on people sniffing tho!
>
> unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully
> it's not as easy for the naughty eavesdropper to get into the right
> position for that....

exactly, it's probably easier to hack the box by other means than sniffing
auth details!

Steve