can you use SecurID with rancid?

Mark Boolootian booloo at
Tue May 10 03:23:01 UTC 2005

Hi Terry,

Thanks for the note.  Was just showing your media system web page to
someone this afternoon.

>   Also, depending on what underlying method is used (telnet, for example),
> regular RANCID sessions to a box would let an attacker build up a nice set
> of challenge/response pairs, which might make an attack easier. In the case
> of a single host, the attacker gets 24 known-good challenge/response pairs
> per day. If multiple boxes share the same algorithm / keys, the number of
> good pairs goes up very rapidly.

All good points, but where am I left if I want to protect my network
gear with OTPs and still run rancid?  It seems they are mutually 
incompatible.  I can create a single instance of a reusable password to be
used for rancid logins, but that doesn't improve the situation.

>   I'm not saying it isn't a good idea for your specific application, I'm
> just explaining why I never bothered to add CRYPTOCard support to it (we're
> a heavy user of these cards here).

So what do you do?

Mark Boolootian
UC Santa Cruz

More information about the Rancid-discuss mailing list