North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: telnet vs ssh on Core equipment , looking for reasons why ?
- From: David Howe
- Date: Tue Jul 31 13:06:55 2001
> 1) You have legacy equipment that does not support ssh, and/or your
> vendor does not include ssh in every release of code (specifically,
> code you need to run.)
You can normally work around this - worst case, run a null-modem between
that box and the closest box that *does* support SSH, allow normal console
logins on that port....
> 2) Your vendor's ssh authentication creates a secure connection, and
> transfers the password securely, only to then send the password,
> unencrypted, to an authentication server for verification, making
> ssh moot.
Bad design - but again, you can usually work around it. VPN tunnel (or SSH
port forwarding) to the auth server springs to mind (if supported) or a
dedicated OOB mininetwork in the 1918 range just for the authentications.
even legacy 10base2 would be ok for that - it is not as if speed matters for
it. Or just use local logins for each one - I know it is much cleaner for
admin purposes to have a central auth server (add username once, in one
place) but a push-out solution *can* be made to work...