On Thu, Sep 21, 2023 at 6:56 AM Jim <mysidia@gmail.com> wrote: ...
My understanding is a good number of password manager products exist which will handle that, and then the only AAA which network devices need to be concerned about for Authentication and Authorization is Basic password auth, which all equipment supports. And the security problems don't arise so much for using the TACACS+ / Tac_plus service solely for Accounting (in addition to basic remote syslog).
It's important to recognize that there's not really any protection (practical protection) from MITM if you use a passwd with your ssh connection. A keyed authentication has these protections, as a quirk of the ssh protocol (or a design feature, if you wish). A certificate authenticated session has these same protections.
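
Added example, not part of the original message: a simplified Go model of why an SSH public-key signature cannot be reused across connections while a password can. The signature covers the per-connection session identifier (RFC 4252 section 7), and the password check has no such input. The key-exchange strings, user name, password and all function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// sessionID stands in for the SSH exchange hash H: it depends on both ends'
// key-exchange contributions, so every connection gets a different value.
func sessionID(clientKex, serverKex string) []byte {
	h := sha256.Sum256([]byte(clientKex + "|" + serverKex))
	return h[:]
}

// signedBlob (simplified): session identifier followed by the auth request.
func signedBlob(sid []byte, user string) []byte {
	return append(append([]byte{}, sid...), []byte("publickey-auth:"+user)...)
}

func serverAcceptsKey(pub ed25519.PublicKey, sid []byte, user string, sig []byte) bool {
	return ed25519.Verify(pub, signedBlob(sid, user), sig)
}

// The password check takes no session input at all.
func serverAcceptsPassword(stored, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(stored), []byte(presented)) == 1
}

// relayOutcome models a host in the middle that terminates the client's
// connection (leg A) and opens its own to the real server (leg B).
func relayOutcome() (directKey, relayedKey, relayedPassword bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	direct := sessionID("client-kex", "server-kex") // constructed values
	legA := sessionID("client-kex", "relay-kex")
	legB := sessionID("relay-kex", "server-kex")
	directKey = serverAcceptsKey(pub, direct, "admin", ed25519.Sign(priv, signedBlob(direct, "admin")))
	sigA := ed25519.Sign(priv, signedBlob(legA, "admin")) // what the client sends on leg A
	relayedKey = serverAcceptsKey(pub, legB, "admin", sigA)
	relayedPassword = serverAcceptsPassword("constructed-pw", "constructed-pw") // forwarded verbatim
	return
}

func main() { fmt.Println(relayOutcome()) }
```

In this model the direct signature verifies, the signature carried over from leg A is rejected on leg B, and the forwarded password is accepted. Verifying the server's host key is still what tells the client it is talking to an interposed host in the first place.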