nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: telnet vs ssh on Core equipment , looking for reasons why ?

From: "David Howe" <DaveHowe () gmx co uk>
Date: Tue, 31 Jul 2001 18:02:38 +0100


1) You have legacy equipment that does not support ssh, and/or your
   vendor does not include ssh in every release of code (specifically,
   code you need to run.)

You can normally work around this - worst case, run a null-modem between
that box and the closest box that *does* support SSH, allow normal console
logins on that port....


2) Your vendor's ssh authentication creates a secure connection, and
   transfers the password securely, only to then send the password,
   unencrypted, to an authentication server for verification, making
   ssh moot.

Bad design - but again, you can usually work around it. VPN tunnel (or SSH
port forwarding) to the auth server springs to mind (if supported) or a
dedicated OOB mininetwork in the 1918 range just for the authentications.
even legacy 10base2 would be ok for that - it is not as if speed matters for
it. Or just use local logins for each one - I know it is much cleaner for
admin purposes to have a central auth server (add username once, in one
place) but a push-out solution *can* be made to work...
Previous By Date Next
Previous By Thread Next

Current thread: