can you use SecurID with rancid?

Terry Kennedy terry at
Tue May 10 03:23:48 UTC 2005

> Thanks for the note.  Was just showing your media system web page to
> someone this afternoon.



> All good points, but where am I left if I want to protect my network
> gear with OTPs and still run rancid?  It seems they are mutually
> incompatible.  I can create a single instance of a reusable password to be
> used for rancid logins, but that doesn't improve the situation.
> >   I'm not saying it isn't a good idea for your specific application, I'm
> > just explaining why I never bothered to add CRYPTOCard support to it (we're
> > a heavy user of these cards here).
> So what do you do?

  We ("real people") use CRYPTOCard access to our various devices (via the
TACACS+ hooks). SSH is encouraged, but in cases where it isn't available,
on the trusted parts of our network, there's an occasional Telnet session.
RANCID uses a fixed (per-device) password and always accesses the devices
via SSH, as long as the devices are SSH-capable. There are some older boxes
that don't do SSH, but as we control the infrastructure between the RANCID
box and those devices, we grin and bear it. SSH is a must-have on any new
device purchases, however.

        Terry Kennedy   
        terry at             New York, NY USA

More information about the Rancid-discuss mailing list