Re: ssh on JunOs 4.2 / XCompiler

From: Greg Ketell (gketell@juniper.net)
Date: Thu Feb 01 2001 - 17:53:27 EST


At 11:40 PM 2/1/2001 +0100, Arnd Vehling wrote:

> > You can load something onto "the other company's" routers?
>
>No, i have the choice to tamper with the product and loose
>the warranty if i want to.

That is always a choice. Jared was giving me grief because he didn't like
that choice. (No offense intended Jared.)

>I use only cisco and juniper at the moment so no, "i cant to this
>with the other routers".
>
>But there are other router products where i am able to upload software
>and on my ciscos (>=7500) is a ssh1 pre-installed.

We've already talked about why we don't do this YET. We Will.

>I hope that a juniper-box is a little bit more stable than an M$ Box
>and theres prove out there that the recent SSH releases are _extremely_
>stable on all other platforms. I would assume that this is the fact
>with a j-box too.

You're moving from the "general case" that Jared brought up to the specific
case of SSH. Yes, openSSH is very stable. We just Can't load it up for
export YET.

Have I said *YET* enough now?

>no, but a SSH _is_ worth the risk.

OK.

>With telnet i risk beeing sniffed
>or hijacked (somewhat unlikely) and face the same risk. In case
>of somebody sniffing my login data i not only risk the stability
>of my network but that of other networks too. Imagine somebody
>tampering with my BGP setup ot using a CIX Backbone router for
>DDOS Attacks. Thats worse than a backbone router going down.

True.

> > Juniper's answer to this question is "no".
>
>That became somewhat clear in your first mail already :)

(;->)

GK



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT