On Thu, Sep 21, 2023 at 6:56 AM Jim <mysi...@gmail.com> wrote:
...
> My understanding is a good number of password manager products exist which
> will handle that, and then the only AAA which network devices need to be
> concerned about for Authentication and Authorization is Basic password auth,
> which all equipment supports. And the security problems don't arise so much
> for using the TACACS+ / Tac_plus service Solely for Accounting
> (in addition to basic remote syslog).

It's important to recognize that there's not really any protection (practical protection) from MITM if you use a passwd with your ssh connection. A keyed authentication has these protections, as a quirk of the ssh protocol... (or a design feature, if you wish). A certificate-authenticated session has these same protections.
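
An added illustration, not part of the original message: a toy model of why an SSH public-key signature cannot be replayed through a relay while a password can, because the signature covers the session identifier (RFC 4252), which in turn depends on the host key the client saw. Assumptions: the user accepted the relay's unknown host key, the exchange hash is reduced to three fields, and the RSA key, names and password are constructed sample values.

```python
import hashlib
import secrets

# Toy RSA user key (constructed: two Mersenne primes, far too small for real use).
_P, _Q, E = 2**61 - 1, 2**89 - 1, 65537
N = _P * _Q
D = pow(E, -1, (_P - 1) * (_Q - 1))

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Client side: toy RSA signature with the user's private key."""
    return pow(_digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    """Server side: check the signature against the user's public key (N, E)."""
    return pow(sig, E, N) == _digest(data)

def session_id(host_key: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    """Simplified exchange hash; the real one (RFC 4253) covers more fields."""
    return hashlib.sha256(host_key + c_nonce + s_nonce).digest()

def simulate(intercepted: bool) -> dict:
    """Return what the real server accepts, with or without a relay in the path."""
    user, password = b"admin", "constructed-sample-password"
    c_nonce, s_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    # The server always derives its session id from its own host key.
    sid_server = session_id(b"server-host-key", c_nonce, s_nonce)
    # A relay cannot sign with the server's host key, so the client's key
    # exchange (if the user accepted the unknown key) is bound to the relay's.
    seen = b"relay-host-key" if intercepted else b"server-host-key"
    sid_client = session_id(seen, c_nonce, s_nonce)
    # Password: the same bytes are valid on any connection, so forwarding works.
    forwarded = password
    password_ok = secrets.compare_digest(forwarded, password)
    # Public key: the client signs ITS session id; the server checks its own.
    sig = sign(sid_client + user)
    pubkey_ok = verify(sid_server + user, sig)
    return {"password_accepted": password_ok, "pubkey_accepted": pubkey_ok}

if __name__ == "__main__":
    for intercepted in (False, True):
        print("intercepted" if intercepted else "direct", simulate(intercepted))
```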