[16872] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: secure router access

daemon@ATHENA.MIT.EDU (Dean Anderson)
Fri May 15 02:07:53 1998

In-Reply-To: <199805150421.AAA07966@jekyll.piermont.com>
Date: Fri, 15 May 1998 01:58:50 -0400
To: perry@piermont.com, Michael Dillon <michael@memra.com>
From: Dean Anderson <dean@av8.com>
Cc: nanog@merit.edu

At 12:21 AM -0400 5/15/98, Perry E. Metzger wrote:
>URL or no, I've played with both kerberized NCSA telnet and SSH --
>anyone who claims that setting up and maintaining a KDC is as easy as
>the "point and shoot" rlogin replacement portion of SSH hasn't really
>tried both possibilities. SSH is far simpler -- its almost foolproof,
>and it requires no infrastructure commitment to run.

You still have to setup sshd and appropriate user accounts.  WRT Cisco you
would need something like Tacacs or RADIUS, which would also need to be
setup.   These aren't exactly "point and shoot" either.

If you have trouble setting up kerberos, try kerbnet from Cygnus.

I grant that Kerberos is a bit more sophisticated, and slightly more
complicated, though.

Not to mention that there is also sslTelnet.

		--Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean@av8.com
           LAN/WAN/UNIX/NT/TCPIP/DCE      http://www.av8.com
           We Make IT Fly!                (617)242-3091 x246
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



home help back first fref pref prev next nref lref last post