When I said that it was a pain, I meant that we'll have to change some things operationally which, like most other security measures, make things a little more difficult. Just minor issues, no big deal. One example might be that if I go to a remote site to do some work, I may not normally take a laptop as I could simply telnet in from a workstation. That capability would go away. Like I said, not a big deal at all.

It seems that the primary reason we might use SSH--and the reason mentioned by auditors--is to avoid sending passwords in the clear. However, as someone else mentioned, the version of SSH supported by Cisco sends passwords in the clear! If that's not the case, please let me know.

The other issue that I discovered after I made the original post is that the 2500 series does not appear to support SSH and we have mostly 2500s at our remote sites. Again, if I'm mistaken there please let me know.

Many thanks!

Regards,
John
http://neiby.home.attbi.com

---- On Sat, 16 Feb 2002, Kent Hundley ([EMAIL PROTECTED]) wrote:

> John,
>
> I _always_ recommend using ssh instead of telnet wherever possible. In
> fact, I can't think of a single good reason not to use it for in-band
> management. I'm not sure I understand what you mean by it being a pain
> since you change passwords often. I don't see how using ssh is any more
> of a pain than using telnet, and it's certainly more secure.
>
> I have seen clients whose security policies dictated the use of ssh or,
> if that were not possible, use of 2-factor authorization such as securid.
> I suspect most organizations are moving to the use of ssh or have plans
> to do so if they are in the least bit security conscious.
>
> Regards,
> Kent
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Neiberger
> Sent: Friday, February 15, 2002 8:07 AM
> To: [EMAIL PROTECTED]
> Subject: Slightly OT: SSH Poll [7:35505]
>
>
> I'm wondering how many of you are involved in networks that use SSH
> exclusively for router access. Since we're in the financial sector,
> external auditors continually suggest that this is necessary. While
> it's probably not a bad idea, I personally feel it's more of a pain than
> it's worth, especially considering how often we change the passwords.
> But that's another matter altogether...
>
> So, are any of you using SSH exclusively in fairly large networks? If
> so, has it been working well for you?
>
> Thanks,
> John [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35623&t=35505