The Network Services Group is adamant that neither SSH or
> CISCO TACACS+ will work on a router to correct the security
> issue.
*blink blink*
As a relative newbie/ignorant, I am distressed to hear that
ssh doesn't "correct the security issues" with regard to
clear-text username/password travel. Doesn't ssh send *all*
traffic (from login to logoff inclusive) encrypted? Granted,
no encryption is perfect, but take a large key and it'll take
a while to decrypt, no? If you don't want to have passwords
traveling at all, use keypairs with passphrases, with
the keys stored on encrypted removable media. (That's my
strategy for my ssh/sftp servers.)
Is there something specific to routers that makes this solution
inappropriate? Alternatively, is there some other problem with
the routers that makes ssh and incomplete solution?
Inquiring (newbie) minds want to know!
Charley
--
Charles Hamilton, PhD EIT Faculty Fellow
Department of Civil and Phone: 949.824.3752
Environmental Engineering FAX: 949.824.2117
University of California, Irvine Email: [EMAIL PROTECTED]
