Security Basics mailing list archives

Re: Telnet Security Question for a Router.


From: Charley Hamilton <chamilto () uci edu>
Date: Wed, 11 Dec 2002 13:27:55 -0800

> The Network Services Group is adamant that neither SSH nor
> CISCO TACACS+ will work on a router to correct the security
> issue.

*blink blink*

As a relative newbie/ignorant, I am distressed to hear that
ssh doesn't "correct the security issues" with regard to
clear-text username/password travel.  Doesn't ssh send *all*
traffic (from login to logoff inclusive) encrypted?  Granted,
no encryption is perfect, but take a large key and it'll take
a while to decrypt, no?  If you don't want to have passwords
traveling at all, use keypairs with passphrases, with
the keys stored on encrypted removable media.  (That's my
strategy for my ssh/sftp servers.)

Is there something specific to routers that makes this solution
inappropriate?  Alternatively, is there some other problem with
the routers that makes ssh an incomplete solution?

Inquiring (newbie) minds want to know!

Charley

--
Charles Hamilton, PhD EIT               Faculty Fellow
Department of Civil and                 Phone: 949.824.3752
    Environmental Engineering           FAX:   949.824.2117
University of California, Irvine        Email: chamilto () uci edu



