No, normally browser-based stuff cannot do SSH. SSL was originally
invented for web browsers (though it was designed to be general-purpose,
it was designed by Netscape engineers who were trying to solve the
problem of being able to shop safely on the internet.) My point:
Browsers grew up with SSL, and use SSL for security. I've never heard
of a browser using SSH.
Also, JWalk is not browser based, unless they've changed it since I used
it? JWalk came in two varieties... a Windows program that you'd
install on each Windows PC (and reinstall on each individual PC when you
had to upgrade -- which was part of my job, I hated it.) Or a Java
applet that could be embedded inside the browser (but ran in the Java
plugin, not the browser itself.) It did not use the browser's
communication or run in the browser itself, like some of JWalk's
competition (such as Profound Logic's Genie, BCD's Presto, etc.)
SSH evolved from the need to have a secure shell (terminal emulation)
for Unix systems. It's a replacement for Telnet, FTP, RCP and Rexec
(remote command) for Unix systems. It also has -- and this is the
interesting part -- the ability to create "tunnels", where you simply
choose a TCP port on the client side, and connect it to a TCP port on
the server side, and anything that makes a connection to the client's
port will have it's traffic relayed to the server's port through a
secured/encrypted SSH tunnel.
So SSH won't directly work for a browser or a green-screen 5250 -- but
you could potentially use either one (HTTP or TN5250) through a SSH tunnel.
The idea would be that you'd set up the OpenSSH server (that comes with
IBM i) on the server side, and you'd set up an SSH client for windows (I
use Putty). You'd connect the SSH client and have it make a tunnel
that connects port number 23 (for example) on the client to port 23 on
the server. Then, you could point your TN5250 client NOT at the server
itself, but at port 23 on the client, and let SSH take care of moving
the traffic to the server. This results in an SSH-secured TN5250 session.
Of course, if you use Client Access as your 5250 emulator, it uses a
whole bunch of ports (not just port 23 like, well, everything else) so
you'd have to tunnel all of the ports.
The other alternative is to set up SSL in the IBM Telnet Server. Since
most (all?) TN5250 clients support Telnet over SSL, you wouldn't need to
deal with tunnels in that case... you'd just use SSL instead of SSH.
But, right now, the only way to do it with SSH (aside from writing your
own client and server) is to use a tunnel.
On 5/11/2013 11:59 AM, Kirk Goins wrote:
I know IBM i Access for Windows does SSL. I 'assume' that using a browser
based emulation like JWalk or ?? could use SSH. What are the options for
plain old 5250 Greenscreen via SSH? This needs to be on a client ( pc ) by