Kerberized telnet is supported in some feature sets, since 11.2, maybe
earlier.  You can also use the Kerberos mechanism to do SSO (sign on to the
Kerberos server, and use Kerberos credentials to connect to all your
routers, without logging in (into an enabled session, if you like)).  MIT
Kerberos is available in BSD, most Linux, Sun, or you can compile it
yourself from MIT source, if you like.

Getting the router configured is the easy part, though.  Kerberos, although
tricky to get running, is a lot better than it was a few years ago -- mostly
from Kerberos being the core of Win2k security.  Note also that Kerberos
doesn't do any authorization, only authentication.

If anyone wants more info, feel free to ping me offlist.

-jon-

-----Original Message-----
From: Piatnitchi Cristian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 2:56 AM
To: '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Is there any other solution for a secure 
communication/session with a remote router/switch ?

Thanks in advance 
Cristian


-----Original Message-----
From: Piatnitchi Cristian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 12:19 PM
To: 'Adam Quiggle'; Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: RE: TACACS and Telnet


Hi Adam

Thanks for the link. Now the question is clear for me.
Yes, it is true SSH is supported starting with IOS 12, but IOS 12.1, not
IOS 12.0.
Is the upgrade free from a version to a higher one? I mean from 12.0 to 12.1?

Thanks for help.
Cristian


-----Original Message-----
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 03, 2001 11:22 AM
To: Piatnitchi Cristian; '[EMAIL PROTECTED]'
Subject: Re: TACACS and Telnet


Cristian,

Good question!  No, your telnet session is not secure.  When
you type in your password you are sending it across the network
in clear text.  However, the session that is used between your
router and the TACACS server is encrypted using the shared key
that you define when you set up TACACS.

If you want secure communications using a telnet-like session
you will have to use SSH.  I believe it was implemented in IOS 12.0,
but I could be wrong.  Just remember that you will have to have
an SSH client in order to use SSH to communicate with your router.

Here is a link for more info.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
t/121t1/sshv1.htm
(watch the wrap)

HTH,
AQ

At 03:47 AM 1/3/01, Piatnitchi Cristian wrote:
>Hi all
>
>I intend to setup TACACS+ authentication for all our network devices and
>I need to understand the following question:
>
>Is the telnet authentication sequence encrypted ? I am asking about the
>situation
>when the net. device is set up to work with TACACS+.
>If it isn't what should I do to have a secure connection during the
>authentication phase.
>
>I have to say that I use an IP connection not PPP. (It's just a simple
>Telnet session from our internal LAN)
>
>In my opinion it is not a secure session but I would like to be a secure
>one and I don't know how to set it.
>I will be waiting for your advice.
>
>Thanks in advance
>Cristian
>
>
>_________________________________
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


**************************************************
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**************************************************
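
One way to check a device for the cleartext exposure discussed in this thread, as an added example that is not part of the original messages: it scans an IOS-style configuration for `line vty` blocks and flags any that still accept telnet. The sample configuration, hostname and function name are constructed for illustration; a block with no explicit `transport input` is flagged for review because the default depends on the IOS version.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 20
 login authentication default
!
end
"""

def audit_vty_transport(config_text):
    """Return a list of (vty_range, verdict) for every 'line vty' block."""
    findings = []
    current = None      # vty range being parsed, e.g. "0 4"
    transport = None    # protocols listed by 'transport input', if seen

    def close_block():
        if current is None:
            return
        if transport is None:
            verdict = "review: no explicit transport input"
        elif {"telnet", "all"} & set(transport):
            verdict = "cleartext: telnet permitted"
        elif transport == ["ssh"]:
            verdict = "ok: ssh only"
        else:
            verdict = "review: " + " ".join(transport)
        findings.append((current, verdict))

    for raw in config_text.splitlines():
        header = re.match(r"^line\s+vty\s+(\d+(?:\s+\d+)?)\s*$", raw)
        if header or not raw.startswith(" "):
            close_block()   # any unindented line ends the previous block
            current = header.group(1) if header else None
            transport = None
        elif current is not None:
            m = re.match(r"^\s+transport\s+input\s+(.+)$", raw)
            if m:
                transport = m.group(1).split()
    close_block()
    return findings
```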
