[liberationtech] Question re Cisco auth and remote login best-practices

[Bill Woodcock]

So, if we assume the worst, and figure we're just doing damage-control and minimizing a large problem, what are the best-practices to follow in configuring Cisco routers in remote locations?

Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…

Use remote auth to do command-by-command authorization, no level-15 logins?

Run TACACs over IPsec?  Over something else?

                                -Bill