can you use SecurID with rancid?
Terry Kennedy
terry at tmk.com
Tue May 10 03:23:48 UTC 2005
> Thanks for the note. Was just showing your media system web page to
> someone this afternoon.
8-}
[snip]
> All good points, but where am I left if I want to protect my network
> gear with OTPs and still run rancid? It seems they are mutually
> incompatible. I can create a single instance of a reusable password to be
> used for rancid logins, but that doesn't improve the situation.
>
> > I'm not saying it isn't a good idea for your specific application, I'm
> > just explaining why I never bothered to add CRYPTOCard support to it (we're
> > a heavy user of these cards here).
>
> So what do you do?
We ("real people") use CRYPTOCard access to our various devices (via the
TACACS+ hooks). SSH is encouraged, but in cases where it isn't available,
on the trusted parts of our network, there's an occasional Telnet session.
RANCID uses a fixed (per-device) password and always accesses the devices
via SSH, as long as the devices are SSH-capable. There are some older boxes
that don't do SSH, but as we control the infrastructure between the RANCID
box and those devices, we grin and bear it. SSH is a must-have on any new
device purchases, however.
Terry Kennedy http://www.tmk.com
terry at tmk.com New York, NY USA
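
Added example, not part of the original post and not RANCID's own code: a small audit of a `.cloginrc` against the policy described above (one fixed password per device, SSH everywhere except a short list of known legacy boxes). The hostnames, passwords, the `legacy_telnet` parameter and the finding labels are assumptions made for the illustration; only the `add password` and `add method` directives are handled, and Tcl glob matching is approximated with `fnmatch`.

```python
import fnmatch, re
from collections import defaultdict

# Constructed sample .cloginrc; hostnames and passwords are made up.
SAMPLE = """\
add password core1.example.net {Xk3-core1} {En-core1}
add password edge1.example.net {Qz9-edge1} {En-edge1}
add password old-sw1.example.net {Qz9-edge1} {En-oldsw}
add method old-sw1.example.net {telnet}
add method edge1.example.net {ssh} {telnet}
add method * {ssh}
"""

def parse(text):
    """Return (directive, host_glob, values) for every 'add' line."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(None, 3)
        if len(parts) < 3 or parts[0] != "add":
            continue
        found = re.findall(r"\{([^}]*)\}|(\S+)", parts[3] if len(parts) > 3 else "")
        entries.append((parts[1], parts[2], [a or b for a, b in found]))
    return entries

def first_match(entries, directive, host):
    """First entry whose glob matches wins (fnmatch approximates Tcl glob)."""
    for d, glob, values in entries:
        if d == directive and fnmatch.fnmatch(host, glob):
            return values
    return None

def audit(text, legacy_telnet=()):
    """Flag telnet outside the legacy list and passwords shared by devices."""
    entries = parse(text)
    hosts = [h for d, h, _ in entries if d == "password" and "*" not in h]
    findings, by_pw = [], defaultdict(list)
    for h in hosts:
        pw = first_match(entries, "password", h)
        if pw:
            by_pw[pw[0]].append(h)
        methods = first_match(entries, "method", h)
        if methods is None:
            findings.append(("method-unset", h))  # pin the method explicitly
        elif "telnet" in methods and h not in legacy_telnet:
            findings.append(("telnet-allowed", h))
    findings += [("shared-password", tuple(v)) for v in by_pw.values() if len(v) > 1]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, legacy_telnet=("old-sw1.example.net",)):
        print(finding)
```

On the constructed sample it reports `edge1` for permitting a telnet fallback and the `edge1`/`old-sw1` pair for sharing a login password, while `old-sw1` itself is accepted because it is on the legacy list.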