RE: telnet vs ssh on Core equipment , looking for reasons why ?

["Grace, Terry" <tgrace () thestar ca>]

Actually, we do this now for our VPN users. Cisco Secure ACS 2.6 for NT
proxies authentication requests to an ACE/Server 5.0 (works with 4.1 as
well). Fairly stright forward to set up. I believe you can get evals of both
products. Both servers have replication partners for redundancy and sit in a
firewall DMZ. VPN users must log into a VPN web site using their tokens to
obtain the VPN client. 

Gonna try this with our routers RSN.

-----Original Message-----
From: Mike Hoskins [mailto:mike () TELEVOKE COM]
Sent: Tuesday, July 31, 2001 4:04 PM
To: Grace, Terry
Subject: Re: telnet vs ssh on Core equipment , looking for reasons why ?



I've been thinking of doing precisely this...  Any pointers to info on
something like this?  I haven't researched it much yet (busy with IDS
atm).

Thanks,
-Mike

> "Grace, Terry" wrote:
>
> Here's an alternative that might work. Authenticate via Radius which
> in turn proxies the authentication request to a SecurId server. With
> one time passwords, who cares if they get sniffed? You also get the
> benefit of having your Radius server being able to do
> accounting/access control on the sessions as well.
>
> -----Original Message-----
> From: Dave Israel [mailto:davei () biohazard demon digex net]
> Sent: Tuesday, July 31, 2001 2:43 PM
> To: alex () yuriev com
> Cc: nanog () merit edu
> Subject: RE: telnet vs ssh on Core equipment , looking for reasons why
> ?
Get to know us
http://www.thestar.com - Canada's largest daily newspaper online
http://www.toronto.com - All you need to know about T.O.
http://www.workopolis.com - Canada's biggest job site
http://www.torontostartv.com - Webcasting & Production
http://www.newinhomes.com - Ontario's Largest New Home & Condo Website
http://www.waymoresports.com - Canada's most comprehensive sports site