Karl,
If the question is "why don't you use tacacs instead of ssh?", the
answer is:
1) Tacacs+ only encrypts between the NAS (router) and the
Tacacs+ server, the username and password are still passed in
clear-text between the telnet client and the router.
2) They're not mutually exclusive. You can use SSH and Tacacs+
together. In fact, this is the best way to remotely manage your
routers if you don't have out-of-band access.
Regards,
Kent
On 28 Mar 2001, at 14:30, West, Karl wrote:
> What about TACACS+/cisco SecureAcs on your routers!
>
> -----Original Message-----
> From: Simmons, Chad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 26, 2001 7:49 AM
> To: 'Glenn Johnson '; '[EMAIL PROTECTED] '
> Subject: RE: Implementing SSH on Cisco IOS
>
>
> Last time I asked a few months ago they had no plans.
>
> Chad A. Simmons, MCSE, CCNP, CCDP
> Network Consultant
> Court Square Data Group, Inc.
> www.csdg.com
>
> -----Original Message-----
> From: Glenn Johnson
> To: [EMAIL PROTECTED]
> Sent: 3/26/01 1:39 AM
> Subject: RE: Implementing SSH on Cisco IOS
>
> Related Q: Anyone know if Cisco has plans to support SSH2 anytime
> soon?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Simmons, Chad Sent: Sunday, March 25, 2001 11:00 PM To: 'Sean Young';
> [EMAIL PROTECTED] Subject: RE: Implementing SSH on Cisco IOS
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121new
> ft /121 t/121t1/sshv1.htm
>
> Supported Platforms
> Cisco 1700 series
> Cisco 2600 series
> Cisco 3600 series
> Cisco 7200 series
> Cisco 7500 series
> Cisco ubr920 series
>
> But it does require a DES or 3Des software image. You may want to
> check CCO before posting erronious info.
>
> Best Regards,
>
> Chad A. Simmons, MCSE, CCNP, CCDP
> Network Consultant
> Network Services Group
> Court Square Data Group, Inc.
> 1391 Main St.
> Springfield, Ma. 01103
> (413) 746-0054 (Phone)
> (413) 746-0058 (Fax)
> [EMAIL PROTECTED]
> http://www.csdg.com
> Information solutions that work in the real world.
>
>
> -----Original Message-----
> From: Sean Young [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, March 25, 2001 10:50 PM
> To: [EMAIL PROTECTED]
> Subject: Implementing SSH on Cisco IOS
>
>
> Doesn't Cisco realize that telnet is a security risk on Cisco devices
> especially for us who often has to telnet to the router remotely to
> fix/troubleshoot problems? Because username and password are
> traveling across the Internet in CLEAR TEXT, the risk is too great. I
> work for a company that would not allow us to telnet to the router
> from the Internet to our company routers and switches. I know that
> SSH (version 1) is available on IOS 12.1.x (only on 7000 and GSR
> platforms). Why don't they just implement SSH on all platforms? It
> is not that difficult to do this (in my opinion). Because of SSH
> lacking in Cisco IOS, I have to drive all the way to work to
> troubleshoot when there is problem. This is suck. You could implement
> all access-list all you like; however, the problem is that telnet will
> no encrypt information especially username and password across the
> Internet. SSH is widely implemented on almost all of Unix flavor and
> Juniper as well. How difficult is it to implement it on Cisco IOS?
>
> Anyone disagree?
>
> Sean
>
> _________________________________________________________________ Get
> your FREE download of MSN Explorer at http://explorer.msn.com
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
