|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: telnet vs ssh on Core equipment , looking for reasons why ?
SSH has one advantage to one time passwords, in providing a secure path to see/change the configuration. Parameters like ACLs, communities and even interface descriptions (wanna know who the clients of your competitor are ?) are travelling in clear on the network... even clear-text passwords with vty access controls and routing protocols security can resist to sniffing (know the password, can't use it), but information is always useful. Rubens Kuhl Jr. Here's an alternative that might work. Authenticate via Radius which in turn proxies the authentication request to a SecurId server. With one time passwords, who cares if they get sniffed? You also get the benefit of having your Radius server being able to do accounting/access control on the sessions as well.
|