[40057] in North American Network Operators' Group
RE: telnet vs ssh on Core equipment , looking for reasons why ?
daemon@ATHENA.MIT.EDU (Alex Bligh)
Tue Jul 31 17:44:51 2001
Date: Tue, 31 Jul 2001 22:44:14 +0100
From: Alex Bligh <alex@alex.org.uk>
Reply-To: Alex Bligh <alex@alex.org.uk>
To: davei@biohazard.demon.digex.net, Daniel Golding <dan@netrail.net>
Cc: "Mr. James W. Laferriere" <babydr@baby-dragons.com>,
nanog@merit.edu, Alex Bligh <alex@alex.org.uk>
Message-ID: <175975018.996619453@[169.254.158.149]>
In-Reply-To: <15206.57033.763818.451762@biohazard.demon.digex.net>
> 2) Your vendor's ssh authentication creates a secure connection, and
> transfers the password securely, only to then send the password,
> unencrypted, to an authentication server for verification, making
> ssh moot.

Less moot if
a) The p/w contains one-time p/w components, or
(if you like logging into your routers more often)
b) You configure AAA to run over IPsec (say), and fall back to console
access which is either out of band, or contains one-time passwords

--
Alex Bligh
Personal Capacity