Core router bakeoff?

This is going to sound mean, but it isn't intended to be :slight_smile:

Cisco's documentation on Kerberized telnet is actually pretty darn good.
It's a three or four-step process. The docs even include sample KDC
configs. Documentation for 11.2 is in the 'Security Configuration Guide'
section on 'Configuring Network Access Security,' 'Establishing
Kerberos-Authenticated Server-Client System.'


So what do you do when you're at a conference, your laptop has been stolen
and the cell phone rings?

If you were using ssh for secure access then the answer would be to find a
machine with a web browser, go to and download
the 30-day free trial version of the Windows or Mac ssh client as
appropriate, and, voila!, you have secure access to your network. But,
alas, if you are using a Cisco router, you cannot get in directly but must
instead use a UNIX host as a proxy, either to get access to a backdoor
network or to get to a Kerberized telnet client.

It would be nicer if Cisco would support sshd but I suppose that would
make the PCMCIA flash cards into munitions that are illegal to export...

In article <>,

It is just as easy to download a kerberized versions of NCSA telnet or
NiftyTelnet, for the mac or pc. And you don't leave crumbs of host keys
like ssh does.


No it's not. I gave a URL for the Mac and Windows ssh clients; you didn't.


PC (win32)