North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: telnet vs ssh on Core equipment , looking for reasons why ?

  • From: David Howe
  • Date: Tue Jul 31 13:06:55 2001

> 1) You have legacy equipment that does not support ssh, and/or your
>    vendor does not include ssh in every release of code (specifically,
>    code you need to run.)
You can normally work around this - worst case, run a null-modem between
that box and the closest box that *does* support SSH, allow normal console
logins on that port....

> 2) Your vendor's ssh authentication creates a secure connection, and
>    transfers the password securely, only to then send the password,
>    unencrypted, to an authentication server for verification, making
>    ssh moot.
Bad design - but again, you can usually work around it. VPN tunnel (or SSH
port forwarding) to the auth server springs to mind (if supported) or a
dedicated OOB mininetwork in the 1918 range just for the authentications.
even legacy 10base2 would be ok for that - it is not as if speed matters for
it. Or just use local logins for each one - I know it is much cleaner for
admin purposes to have a central auth server (add username once, in one
place) but a push-out solution *can* be made to work...