Crist Clark wrote:
Anyone from the real world knows that there are real and significant costs to convert an existing infrucstructure with telnet, the r-protocols, ftp, and all of their unencrypted, unauthenticated friends to SSH and SSL secured connections. Yeah, maybe the software licencing costs are little to nothing, but the administrative overehead of converting all of your other scripts and software, plus lots and LOTS of retraining of admin and users can be very expensive or simply infeasible.
NTM all that legacy hardware for which the vendor simply never released an SSH-capable version. And lots of deployed CPE which lacks sufficient flash space to load an SSH-capable version where one was released. I can think of a hundred cases where there's a definite measurable hardware upgrade cost associated with enabling SSH and the like. Internally, our policy is to establish telnet connections from the closest upstream point possible, in most cases, the other side of a serial interface where our biggest possible cleartext exposure is gremlins at the CO.