[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Summary: SSH concerns

To: nanog@merit.edu
Subject: Summary: SSH concerns
From: Eliot Lear <lear@cisco.com>
Date: Tue, 16 Sep 2003 05:55:42 -0700
Cc: netconf <netconf@ops.ietf.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030910

Thanks to everyone for responding. The summary seems to be that there aren't concerns with the application itself. Nobody reported a case where the application actually spat out information that needed to be dealt with by the expect script.

A number of people indicated that they were still doing stuff over telnet.

Those who did use ssh invoked it with -T. One person recommended -o "Batchmode=yes" and UserKnownHostsFile=/dev/null to make the app a bit more deterministic. [This introduces a security assumption that may be dangerous in some environments.] That same author suggests that the more paranoid might push around host files.

One person complained about the multi-stage effort required to create public/private key pairs were derived.

As to the reference to sendmail and interface accessibility, one person put it this way:

I'm strongly infavour of any protocol that can be done eaisly with a human
driving it at the keyboard, being able to telnet to port 25 and manually
enter SMTP commands is a good example of a protocol that can be eaisly
emulated by a human for diagnostic purposes. It's invaluable in an
emergency.

Thanks again for your comments.

Eliot

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Prev by Date: Re: FW: FW: FW: RFC3535 question/clarification
Next by Date: FYI: nanog archives
Previous by thread: Multiple "Running" configurations
Next by thread: FYI: nanog archives
Index(es):
- Date
- Thread