MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 2013

Re: 5250 via SSH Options?




Hi Kirk,

No, normally browser-based stuff cannot do SSH. SSL was originally invented for web browsers (though it was designed to be general-purpose, it was designed by Netscape engineers who were trying to solve the problem of being able to shop safely on the internet.) My point: Browsers grew up with SSL, and use SSL for security. I've never heard of a browser using SSH.

Also, JWalk is not browser based, unless they've changed it since I used it? JWalk came in two varieties... a Windows program that you'd install on each Windows PC (and reinstall on each individual PC when you had to upgrade -- which was part of my job, I hated it.) Or a Java applet that could be embedded inside the browser (but ran in the Java plugin, not the browser itself.) It did not use the browser's communication or run in the browser itself, like some of JWalk's competition (such as Profound Logic's Genie, BCD's Presto, etc.)

SSH evolved from the need to have a secure shell (terminal emulation) for Unix systems. It's a replacement for Telnet, FTP, RCP and Rexec (remote command) for Unix systems. It also has -- and this is the interesting part -- the ability to create "tunnels", where you simply choose a TCP port on the client side, and connect it to a TCP port on the server side, and anything that makes a connection to the client's port will have its traffic relayed to the server's port through a secured/encrypted SSH tunnel.

So SSH won't directly work for a browser or a green-screen 5250 -- but you could potentially use either one (HTTP or TN5250) through an SSH tunnel.

The idea would be that you'd set up the OpenSSH server (that comes with IBM i) on the server side, and you'd set up an SSH client for Windows (I use PuTTY). You'd connect the SSH client and have it make a tunnel that connects port number 23 (for example) on the client to port 23 on the server. Then, you could point your TN5250 client NOT at the server itself, but at port 23 on the client, and let SSH take care of moving the traffic to the server. This results in an SSH-secured TN5250 session.

Of course, if you use Client Access as your 5250 emulator, it uses a whole bunch of ports (not just port 23 like, well, everything else) so you'd have to tunnel all of the ports.

The other alternative is to set up SSL in the IBM Telnet Server. Since most (all?) TN5250 clients support Telnet over SSL, you wouldn't need to deal with tunnels in that case... you'd just use SSL instead of SSH. But, right now, the only way to do it with SSH (aside from writing your own client and server) is to use a tunnel.





On 5/11/2013 11:59 AM, Kirk Goins wrote:
I know IBM i Access for Windows does SSL. I 'assume' that using a browser
based emulation like JWalk or ?? could use SSH. What are the options for
plain old 5250 Greenscreen via SSH? This needs to be on a client ( pc ) by
client basis.

Thanks
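The tunnel described in the message above, as an added example that is not part of the original post: a small shell helper that builds the OpenSSH client command for forwarding one or more local ports to the same ports on the server. The user name, host name, the port offset and port 449 in the sample call are assumptions chosen for illustration; only port 23 comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Builds an "ssh -L" command that forwards local ports to an IBM i host
# running the OpenSSH server, so a TN5250 client can connect to 127.0.0.1.

# Accept plain decimal only; leading zeros would be read as octal in $(( )).
is_uint() {
    case $1 in
        0) return 0 ;;
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# tunnel_cmd USER HOST OFFSET PORT...
# Each server PORT is reached through 127.0.0.1:(PORT+OFFSET) on the client.
# OFFSET 0 reproduces the post's "port 23 on the client to port 23 on the
# server"; a non-zero OFFSET avoids needing privileges for low local ports.
tunnel_cmd() {
    user=$1 host=$2 offset=$3
    shift 3
    [ "$#" -gt 0 ] || { echo "need at least one port" >&2; return 2; }
    is_uint "$offset" || { echo "bad offset: $offset" >&2; return 2; }
    # -N: no remote shell, tunnel only.
    # ExitOnForwardFailure: stop if any local port cannot be bound, instead
    # of running with only some of the requested forwards in place.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for port in "$@"; do
        is_uint "$port" && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 2; }
        lport=$((port + offset))
        [ "$lport" -le 65535 ] ||
            { echo "local port out of range: $lport" >&2; return 2; }
        # Listen on the client's loopback only, so other machines on the
        # client's network cannot use the tunnel. The second 127.0.0.1 is
        # resolved on the server: sshd connects to its own Telnet port.
        cmd="$cmd -L 127.0.0.1:$lport:127.0.0.1:$port"
    done
    printf '%s %s@%s\n' "$cmd" "$user" "$host"
}

# Constructed sample: Telnet (23) plus one more port, both shifted by 2300.
tunnel_cmd myuser ibmi.example.com 2300 23 449
```

With the printed command running, the TN5250 client is pointed at 127.0.0.1 and the shifted local port (2323 in the sample) rather than at the server itself.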





