Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: telnet vs ssh on Core equipment , looking for reasons why ?

  • From: Rubens Kuhl Jr.
  • Date: Tue Jul 31 15:54:15 2001


SSH has one advantage to one time passwords, in providing a secure path to see/change the configuration. Parameters like ACLs, communities and even interface descriptions (wanna know who the clients of your competitor are ?) are travelling in clear on the network... even clear-text passwords with vty access controls and routing protocols security can resist to sniffing (know the password, can't use it), but information is always useful.


Rubens Kuhl Jr.


Here's an alternative that might work. Authenticate via Radius which in turn proxies the authentication request to a SecurId server. With one time passwords, who cares if they get sniffed? You also get the benefit of having your Radius server being able to do accounting/access control on the sessions as well.


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.