telnet vs ssh on Core equipment , looking for reasons why ?

Rubens Kuhl Jr. rkuhljr at uol.com.br
Tue Jul 31 19:55:03 UTC 2001



SSH has one advantage to one time passwords, in providing a secure path to 
see/change the configuration. Parameters like ACLs, communities and even 
interface descriptions (wanna know who the clients of your competitor are 
?) are travelling in clear on the network... even clear-text passwords with 
vty access controls and routing protocols security can resist to sniffing 
(know the password, can't use it), but information is always useful.


Rubens Kuhl Jr.


>Here's an alternative that might work. Authenticate via Radius which in 
>turn proxies the authentication request to a SecurId server. With one time 
>passwords, who cares if they get sniffed? You also get the benefit of 
>having your Radius server being able to do accounting/access control on 
>the sessions as well.




More information about the NANOG mailing list