Mike,

I guess your reading comprehension skills are on par with your tact.

The original post was in regards to SSH and TACACS, and my reply to that
post was to point out the functional difference between SSH or Telnet access
and TACACS.

The conversation between the client and router is encrypted via the SSH
session, but the TACACS server is providing AAA.  The same as it would with
a telnet session; however, the telnet session wouldn't provide encryption
between the client and the router.

Philip

-----Original Message-----
From: mike greenberg [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: TACACS+ [7:53721]


Now I know why EDS stock is taking a beating....
When you use TACACS+, you basically offload the authentication,
authorization and accounting to the TACACS+ server (running on your Linux
box).  If you don't want people to connect to your routers via telnet, set
the vty line on your routers to accept only SSH.  You can still log onto the
routers with SSH and use the account on your TACACS+ server (if you
configure the router properly).  I have a sample TACACS+ configuration.
Contact me off-line if you are interested.  The configuration of TACACS+ has
nothing to do with either telnet or ssh.

"Blair, Philip S" wrote:

Your passwords are encrypted with SSH between the client and router;
between the router and tacacs server, your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH; on some, basic telnet is allowed. I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-----Original Message-----
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


I'm trying to set up tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). I'm looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication. I would like to continue to use SSH
to get into my boxes. From the config files I have seen, I'm unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53748&t=53721
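
Added example, not from any poster in this thread: a minimal Cisco IOS sketch of the separation discussed above, where the `line vty` block selects the transport and the `aaa` / `tacacs-server` lines point login authentication at the TACACS+ server. The hostname, domain, server address 192.0.2.10, key and fallback account are placeholder assumptions.

```cisco
! Added example; hostname, domain, address, key and account are placeholders.
!
! --- Transport: how the admin reaches the router (client <-> router) ---
hostname R1
ip domain-name example.net
! An RSA host key must exist before the SSH server will accept sessions:
!   R1(config)# crypto key generate rsa
line vty 0 4
 ! Accept only SSH on the vty lines. A router that still permits telnet
 ! would have "transport input telnet ssh" here; nothing in the AAA
 ! section below changes between the two cases.
 transport input ssh
 login authentication default
!
! --- AAA: who may log in (router <-> TACACS+ server) ---
aaa new-model
! Ask the TACACS+ server first; use the local database only if the
! server does not respond.
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10
! Must match the key configured on the tac_plus side.
tacacs-server key REPLACE-WITH-SHARED-KEY
!
! Local fallback account for when the TACACS+ server is unreachable
username fallback-admin secret REPLACE-WITH-LOCAL-PASSWORD
```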