leblanc

asked on

ssh versus telnet validation

I am trying to validate that ssh should be used to access network equipment, Cisco or other brand, instead of telnet. Are there any credible sources out there stating that, for best practice, one must use ssh instead of telnet? Thanks
Tony Pitt

The reason for doing this is in order that passwords don't pass in plain text on your network.  While using telnet, there is a risk that someone could capture the data in a network sniffer and thereby obtain the passwords to the network equipment.  If you are confident that this won't happen, then I wouldn't bother with ssh.  If you are worried by that risk, then use ssh.

I'm not sure that you'll find anything definitive that says you must use ssh, but there are recommendations on the Internet.  Here's one (http://www.dummies.com/how-to/content/cisco-networking-telnet-and-ssh-connections.html) from the For Dummies website, for example.

/T
leblanc

ASKER

I am trying to convince my manager to convert from telnet to SSH. That is why I need credible sources that can back me up, like Cisco, HP, Juniper, etc. My manager said that there is no risk for somebody to compromise the network equipment even though the password is in plain text.
ASKER CERTIFIED SOLUTION
Ken Boone
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ask him what he would tell his superiors when the system gets hacked through his/her stubbornness to change security protocol to heighten the security within the organization.

Every half-decent IT person should know not to use TELNET because of security flaws.

Here is a link explaining the difference between ssh and telnet.

http://www.differencebetween.net/technology/internet/difference-between-telnet-and-ssh/
leblanc

ASKER

Hi Ken,
"I have seen things like this happen several times over the past decade." Any articles on this?

All,
His argument is our internal network (physical) is "secured" as the doors of the closets and server rooms are locked. We talked about the sniffing part. But in order for that to work, you have to physically access the switches and run SPAN or mirror port. Not sure how the sniffing will work if you come in through the FW.
leblanc - no articles on this.  These are things I have witnessed that have happened among my customer set, where internal attacks were made by employees or outgoing employees that have caused a lot of damage to their former employer.  Where there is a will there is a way.  There is not a network out there that is 100% foolproof.  We do what we can to mitigate the risks we see.

Look, here is the bottom line.  How hard is it really to freaking use ssh?  I mean for real.  There is a command line version of putty that can be installed:

http://kb.site5.com/shell-access-ssh/putty-how-to-start-a-ssh-session-from-the-command-line/

But gee whiz you can set up all your stuff in putty and just click on the links to access the devices.

If you want to buy something then get SecureCRT but really how much harder is it really to issue ssh than telnet?

Your boss is either lazy or is afraid of it because he doesn't understand it.
leblanc

ASKER

I could not agree more. I think I will make the case and I will enable ssh on the switches. Thank you all.
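
Once ssh is enabled on the switches, it is worth confirming that telnet is no longer accepted on any vty line. The following is an added example, not part of the original thread: it scans a Cisco IOS-style configuration for `line vty` blocks whose `transport input` still accepts telnet or is not set at all. The sample configuration is constructed, and the function names `vty_blocks` and `audit_vty` are hypothetical.

```python
import re

# Constructed sample of a Cisco IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
"""

def vty_blocks(config_text):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, body = None, []
    for raw in config_text.splitlines():
        if raw.startswith(" ") and header is not None:
            body.append(raw.strip())      # indented line belongs to the block
            continue
        if header is not None:            # unindented line closes the block
            yield header, body
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header is not None:
        yield header, body

def audit_vty(config_text):
    """Return {vty header: finding} for blocks that accept telnet or set no transport."""
    findings = {}
    for header, body in vty_blocks(config_text):
        protos = None
        for cmd in body:
            m = re.match(r"transport input\s+(.+)", cmd)
            if m:
                protos = m.group(1).split()
        if protos is None:
            # Assumption: the default differs between OS releases, so flag it for review.
            findings[header] = "transport input unset: default depends on OS version"
        elif {"telnet", "all"} & set(protos):
            findings[header] = "accepts telnet: transport input " + " ".join(protos)
    return findings

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

An empty result means every vty block found sets `transport input` explicitly and none of them lists telnet.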
leblanc

ASKER

Dave,

That's a good one.