North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: telnet vs ssh on Core equipment , looking for reasons why ?
- From: Rubens Kuhl Jr.
- Date: Tue Jul 31 15:54:15 2001
SSH has one advantage to one time passwords, in providing a secure path to
see/change the configuration. Parameters like ACLs, communities and even
interface descriptions (wanna know who the clients of your competitor are
?) are travelling in clear on the network... even clear-text passwords with
vty access controls and routing protocols security can resist to sniffing
(know the password, can't use it), but information is always useful.
Rubens Kuhl Jr.
Here's an alternative that might work. Authenticate via Radius which in
turn proxies the authentication request to a SecurId server. With one time
passwords, who cares if they get sniffed? You also get the benefit of
having your Radius server being able to do accounting/access control on
the sessions as well.