[40062] in North American Network Operators' Group


RE: telnet vs ssh on Core equipment , looking for reasons why ?

daemon@ATHENA.MIT.EDU (Ariel Biener)
Tue Jul 31 18:42:14 2001

Date: Wed, 1 Aug 2001 01:40:54 +0300 (IDT)
From: Ariel Biener <ariel@fireball.tau.ac.il>
To: Dave Israel <davei@biohazard.demon.digex.net>
Cc: Daniel Golding <dan@netrail.net>,
	"Mr. James W. Laferriere" <babydr@baby-dragons.com>, nanog@merit.edu
In-Reply-To: <15206.57033.763818.451762@biohazard.demon.digex.net>
Message-ID: <Pine.LNX.4.21_heb2.09.0108010140220.1510-100000@fireball.tau.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 31 Jul 2001, Dave Israel wrote:

> 2) Your vendor's ssh authentication creates a secure connection, and
>  transfers the password securely, only to then send the password,
>  unencrypted, to an authentication server for verification, making
>  ssh moot.

Use local AAA users. Of course, this doesn't scale well if you have 200
routers.

--Ariel

> 
> -Dave
> 
> On 7/31/2001 at 11:54:38 -0400, Daniel Golding said:
> >
> > I believe that folks are having problems saying why they use SSH instead of
> > telnet, because the best practice is simply so self-evident.
> >
> > SSH gives you a measure of protection against bad people sniffing out your
> > passwords. Telnet does not. SSH is encrypted. Telnet is not. It's pretty
> > easy - only use telnet if you must. Use SSH if you possibly can. Of course,
> > this also holds true for using scp instead of ftp, although scp isn't as
> > widely supported, yet.
> >
> > - Daniel Golding
> >
> > > -----Original Message-----
> > > From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> > > Mr. James W. Laferriere
> > > Sent: Tuesday, July 31, 2001 11:25 AM
> > > To: nanog@merit.edu
> > > Subject: Re: telnet vs ssh on Core equipment , looking for reasons why ?
> > >
> > >
> > >
> > >
> > > 	Hello All ,Thank you for the dissertations & insight into the
> > > 	possible methods of compromising an authentication attempt .
> > >
> > > 	But , I am really interested more in 'Why' each responsible
> > > 	individual(s) chose either telnet or ssh to manage their Core
> > > 	equipment .
> > >
> > > 	ssh
> > > 	1 )	Has been the encrypted authentication .
> > >
> > > 	telnet
> > > 	1 )	Has been legacy OS's / Equipment only supporting telnet .
> > >
> > > On Tue, 31 Jul 2001, Mr. James W. Laferriere wrote:
> > > > 	Hello All ,I have charged myself with trying to find a statistic
> > > > 	on how many individuals responsible for IP core equipment
> > > > 	recommend telnet or ssh & why particularly .I will summarize .
> > >
> > > 		Tia ,JimL
> > >
> > > +------------------------------------------------------------------+
> > > | James   W.   Laferriere | System    Techniques | Give me VMS     |
> > > | Network        Engineer |     P.O. Box 854     |  Give me Linux  |
> > > | babydr@baby-dragons.com | Coudersport PA 16915 |   only on AXP   |
> > > +------------------------------------------------------------------+
> > >
> >
> >
> 
> --
> Dave Israel
> Senior Manager, IP Backbone
> Intermedia Business Internet
> 

--
Ariel Biener
e-mail: ariel@post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html

