North American Network Operators Group

Re: telnet vs ssh on Core equipment, looking for reasons why?
> > true, but i would point out that if it's your core equipment that you are
> > accessing from your network that sits directly on the core then you should
> > be happy with the fact that no one is eavesdropping and it makes no
> > difference.
>
> not everyone has out-of-band networks for management. Management of
> devices is sometimes done thousands of miles away. Remember also that this
> traffic can be sniffed before it gets to the core (yes, ssh is sniffable
> as well, but just not as easily, and at least it's not in plaintext)

this is in-band. if as you say you are accessing from another network then this is where the encryption kicks in being useful, however that raises another question - do you just allow any host to connect providing they can authenticate? i know my login ports are restricted at both network and host level to specific authorized addresses...

> > so that's my main logic, authentication... i can't understand the big
> > paranoia on people sniffing tho!
>
> unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully
> it's not as easy for the naughty eavesdropper to get into the right
> position for that....

exactly, it's probably easier to hack the box by other means than sniffing auth details!

Steve