RE: telnet vs ssh on Core equipment , looking for reasons why ?
Actually, we do this now for our VPN users. Cisco Secure ACS 2.6 for NT proxies authentication requests to an ACE/Server 5.0 (works with 4.1 as well). Fairly stright forward to set up. I believe you can get evals of both products. Both servers have replication partners for redundancy and sit in a firewall DMZ. VPN users must log into a VPN web site using their tokens to obtain the VPN client. Gonna try this with our routers RSN. -----Original Message----- From: Mike Hoskins [mailto:mike@TELEVOKE.COM] Sent: Tuesday, July 31, 2001 4:04 PM To: Grace, Terry Subject: Re: telnet vs ssh on Core equipment , looking for reasons why ? I've been thinking of doing precisely this... Any pointers to info on something like this? I haven't researched it much yet (busy with IDS atm). Thanks, -Mike
"Grace, Terry" wrote:
Here's an alternative that might work. Authenticate via Radius which in turn proxies the authentication request to a SecurId server. With one time passwords, who cares if they get sniffed? You also get the benefit of having your Radius server being able to do accounting/access control on the sessions as well.
-----Original Message----- From: Dave Israel [mailto:davei@biohazard.demon.digex.net] Sent: Tuesday, July 31, 2001 2:43 PM To: alex@yuriev.com Cc: nanog@merit.edu Subject: RE: telnet vs ssh on Core equipment , looking for reasons why ?
Get to know us http://www.thestar.com - Canada's largest daily newspaper online http://www.toronto.com - All you need to know about T.O. http://www.workopolis.com - Canada's biggest job site http://www.torontostartv.com - Webcasting & Production http://www.newinhomes.com - Ontario's Largest New Home & Condo Website http://www.waymoresports.com - Canada's most comprehensive sports site
participants (1)
-
Grace, Terry