Agreed, at minimum mgmt of the routers would be via a network that had as
its access server ssh only.  Ever used a packet sniffer?  Try ethereal
using telnet, that'll confirm for you why you should use ssh.

        Brian

On Sat, 16 Feb 2002, Kent Hundley wrote:

> John,
>
> I _always_ recommend using ssh instead of telnet wherever possible.  In
> fact, I can't think of a single good reason not to use it for in-band
> management.  I'm not sure I understand what you mean by it being a pain
> since you change passwords often.  I don't see how using ssh is any more of
> a pain than using telnet, and it's certainly more secure.
>
> I have seen clients whose security policies dictated the use of ssh or, if
> that were not possible, use of 2-factor authorization such as SecurID.  I
> suspect most organizations are moving to the use of ssh or have plans to do
> so if they are in the least bit security conscious.
>
> Regards,
> Kent
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Neiberger
> Sent: Friday, February 15, 2002 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: Slightly OT: SSH Poll [7:35505]
>
>
> I'm wondering how many of you are involved in networks that use SSH
> exclusively for router access.  Since we're in the financial sector,
> external auditors continually suggest that this is necessary.  While
> it's probably not a bad idea, I personally feel it's more of a pain than
> it's worth, especially considering how often we change the passwords.
> But that's another matter altogether...
>
> So, are any of you using SSH exclusively in fairly large networks?  If
> so, has it been working well for you?
>
> Thanks,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35645&t=35505