Just a couple of points:
(1) TACACS is for accrediting the login, unlike RADIUS which does
NOT share the network stored password in the open when it gives
the router or other comm device the assist for you to log in.
(2) SSH or OpenSSH encrypts one user's session from one host to
one other host.
(3) Cisco SSH as I sadly learned a) comes only with pretty recent
versions of Cisco Internet Operating Systems, ca. 12.X, and, b)
ONLY can be configured with a fairly sophisticated (I read expensive)
"feature pack", crypto-enabled.
TACACS+, around for a while, RADIUS, have extensive FAQs on the web and
there is a Cisco FAQ on CCO in /public/ you should read before trying
to implement same on your garden variety Cisco router. Expect the
crypto enabled 7000s to be a good candidate, maybe NOT on 2500s or on
2600s or below.
/Everett/
On Wed, Apr 04, 2001 at 10:11:46AM +0200, Enno Rey wrote:
> > I've been asked my opinions on implementing TACACS+ vs ssh to control access
> > to Cisco routers. I'm wondering if anyone has a comparison paper. Off
>
> Comparing TACACS+ and ssh here is like comparing apples to pears (as we say
> in German...)
> You can/should use them both.
--
+ http://www.vhwy.com [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cotdazr.org +
+ PocketNet Mail to [EMAIL PROTECTED] / Cell/VoiceMail 805 340-6471 +
+ Unix BSD, Sun, HP SCO Linux Security Cisco Routing DataFellows QMail DNS +