[28435] in North American Network Operators' Group


Re: ABOVE.NET SECURITY TRUTHS?

daemon@ATHENA.MIT.EDU (Kevin Oberman)
Sat Apr 29 13:42:53 2000

Message-Id: <200004291740.KAA09674@ptavv.es.net>
To: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-reply-to: Your message of "Fri, 28 Apr 2000 23:09:19 EDT."
             <4.3.1.2.20000428230813.00a8ce70@lint.cisco.com> 
Date: Sat, 29 Apr 2000 10:40:44 -0700
From: "Kevin Oberman" <oberman@es.net>
Errors-To: owner-nanog-outgoing@merit.edu


> Date: Fri, 28 Apr 2000 23:09:19 -0400
> From: Paul Ferguson <ferguson@cisco.com>
> Sender: owner-nanog@merit.edu
> 
> 
> Steve,
> 
> At 10:48 PM 04/28/2000 -0400, Steven M. Bellovin wrote:
> 
> >As for the expense of ssh -- the big issue is login, when a lot of public
> >key operations are taking place.
> 
> Yes, any computationally intensive process is expensive.
> 
> Yes, the price is worthwhile.

Totally agreed. We have been pushing Cisco toward SSH for years and are
very pleased that they were agreeable to looking at it before the need
hit them in the faces. (I do wish they had gotten serious about it a
bit sooner, though!)

Other vendors are better and worse. Juniper has always had full SSH
support. Of course, this is not too hard for them since they run
FreeBSD on their platforms and OpenSSH is a standard part of that OS. But
one of our major switch vendors (whom I'll leave unnamed at the
moment, pending their response to our requests) had engineers who had
no idea what SSH was. They thought it was a Unix shell, like tcsh,
with enhanced security! When I told them that both Cisco and Juniper
support SSH, they did become interested, but I will need to wait
another few weeks to see if they are really going to do something.

I'm sure some other vendors are as bad or worse. Cisco is NOT the
entire network world (even if it sometimes seems like it).

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634

