[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Linux-cluster] anyone modified fence_mcdata to use ssh instead of telnet?

Telnet is fundamentally insecure. We've known this for about 20 years. Finally,
network switches, fibre switches, appliances, etc., have begun to recognize this
truth. For example, the McData fibre switches give you the choice of telnet
(evil) or ssh (good). Note that this is a choice between them...you cannot have
both protocols enabled at once (at least not with the switch hardware and
firmware rev I'm using).

So, like a good sysadmin, I enable ssh on my McData Sphereon 4400. I can ssh
into the switch and configure it via the command line. Happiness. Unfortunately,
the fence_mcdata script assumes that the only way to connect to the switch is
via (evil) telnet.

Before I start hacking the fence_mcdata script...has anyone already modified 
this to make it more secure? If not, this would be a simple product 
enhancement (hint, hint).



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]