telnet vs ssh on Core equipment , looking for reasons why ?
David Howe
DaveHowe at gmx.co.uk
Tue Jul 31 17:02:38 UTC 2001
> 1) You have legacy equipment that does not support ssh, and/or your
> vendor does not include ssh in every release of code (specifically,
> code you need to run.)
You can normally work around this - worst case, run a null-modem between
that box and the closest box that *does* support SSH, allow normal console
logins on that port....
> 2) Your vendor's ssh authentication creates a secure connection, and
> transfers the password securely, only to then send the password,
> unencrypted, to an authentication server for verification, making
> ssh moot.
Bad design - but again, you can usually work around it. VPN tunnel (or SSH
port forwarding) to the auth server springs to mind (if supported) or a
dedicated OOB mininetwork in the 1918 range just for the authentications.
even legacy 10base2 would be ok for that - it is not as if speed matters for
it. Or just use local logins for each one - I know it is much cleaner for
admin purposes to have a central auth server (add username once, in one
place) but a push-out solution *can* be made to work...
More information about the NANOG
mailing list