Date: Fri, 28 Apr 2000 23:09:19 -0400 From: Paul Ferguson <ferguson@cisco.com> Sender: owner-nanog@merit.edu
Steve,
At 10:48 PM 04/28/2000 -0400, Steven M. Bellovin wrote:
As for the expense of ssh -- the big issue is login, when a lot of public key operations are taking place.
Yes, any computational intensive process is expensive.
Yes, the price is worthwhile.
Totally agreed. We have been pushing Cisco toward SSH for years and are very pleased that they were agreeable to looking at it before the need hit them in the faces. (I do wish they had gotten serious about it a bit sooner, though!) Other vendors are better and worse. Juniper has always had full SSH support. Of course, this is not too hard for them since they run FreeBSD on their platforms and OpenSSH is a standard part of that OS. But one of our major switch vendors (whom I'll leave unnamed at the moment, pending their response to our requests) had engineers who had no idea what SSH was. They thought it was a Unix shell, like tcsh, with enhanced security! When I told them that both Cisco and Juniper support SSH, they did become interested, but I will need to wait another few weeks to see if they are really going to do something. I'm sure some other vendors are as bad or worse. Cisco is NOT the entire network world (even if it sometimes seems like it). R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634