× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: Fw: Reaching AS/400 over telnet and tn5250
  • From: "Administrator" <pegasus@xxxxxxxx>
  • Date: Tue, 23 Nov 1999 15:45:08 +0100

 
---- Original Message -----
From: Ertan Kucukoglu <ertank@ozlerplastik.com>
To: <LINUX5250@midrange.com>
Sent: Tuesday, November 23, 1999 7:52 AM
Subject: Reaching AS/400 over telnet and tn5250


> Hello,
>
> I have a problem about setting up my configuration.
>
> I have to reach AS/400 over internet. Linux is connected to internet and
> I have no problems reaching AS/400 with Linux console.
>
> I have to use AS/400 like below:
>
>          internet             LAN
> Some PC------------->Linux------------>AS/400
>
> My problem  is that I have problems with function keys. I have a telnet
> program that supports VT100/102/220 and ANSI. I have no idea what
> terminal type is required to be able to use function keys (VT52?).
>
> I need a telnet program for Win side that can handle function keys.
>
Have a look to http://www.multimania.com/tothpaul/usdelphi.htm
tn5250, or test the Mocha W32 terminalemulation or use the
DOS, WIN ports of tn5250.
ftp://ftp.blarg.net/users/mmadore/TN5250.zip
ftp.blarg.net/users/mmadore/tn5250-x86-win32-0.13.1.zip

> Can somebody help me?
>
> Thanks,
>
But don't expose your data in clear text on the internet.
You have to run your connection via tunnel like skip or
ipsec freeSwan. On the Dos/Win side I suggest teraterm with
the ssh extention of Robert O'Callahan.
> --
> Ertan Kucukoglu
> ertank@ozlerplastik.com
> +---
> | This is the LINUX5250 Mailing List!
> | To submit a new message, send your mail to LINUX5250@midrange.com.
> | To subscribe to this list send email to LINUX5250-SUB@midrange.com.
> | To unsubscribe from this list send email to
LINUX5250-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---
Title: TTSSH Documentation (for version 1.4)

TTSSH: An SSH Extension to Teraterm

Version 1.5

By Robert O'Callahan (roc+tt@cs.cmu.edu)

Installation Instructions

Installation instructions are on the main TTSSH page.

Logging in and Authenticating

When TTSSH is installed and activated, the New Connection dialog box will show three buttons for the "service type": Telnet, SSH and Other. Select SSH.

Once an SSH connection is established, a dialog box will pop up asking for authentication information. This is where you identify yourself to the server. Enter your username, and select one of the authentication methods:

If the server accepts your authentication, your shell session will start. The Teraterm icon changes to a screen with a key under it to let you know when you have a secure connection. If the server rejects you, then you can try again to authenticate some other way (perhaps by sending a different password). Note that you can only specify your user name the first time, and after that it can't be changed --- this is a limitation of the SSH protocol.

You can use the SSH Authentication command on the Setup menu to choose default settings for the authentication dialog. However, you cannot enter a default password; that would be quite insecure and we don't want people to create security problems accidentally.

Host Key Management

To protect you from hostile machines pretending to be your server, TTSSH checks the server's "host key" to see if it is correct. To do this, it maintains an "ssh_known_hosts" file containing the host keys of all machines it knows about.

By default, it uses the file "ssh_known_hosts" in the Teraterm directory. Therefore if you have an ssh_known_hosts file that you want to use, copy it into your Teraterm directory and it will be used automatically.

When TTSSH contacts a server that is not mentioned in the known-hosts file, it will display a warning message. You can choose to ignore the warning and continue, or disconnect. If you continue you must be aware that TTSSH was not able to verify the identity of the server machine. If you continue, you can also specify that the key should be saved in the known-hosts file. This will prevent the warning from being displayed again for this server.

When TTSSH contacts a server that gives it a different key to the one mentioned in the known-hosts file, it will display a similar warning message. However, you should be aware that this situation is more serious from a security point of view; either the server's key has changed for a legitimate reason, or some machine is attempting to impersonate the server. Proceed with extreme caution.

In the TTSSH Setup dialog box, accessible from the Setup menu, you can choose which known-hosts file(s) to use. You can specify one file that will be used as the "read-write" file; this file is consulted to check host keys, and if you request to have a host key added, it is added to this file. You can specify additional multiple read-only files that are consulted to check host keys but are never added to. The names of the read-only files must be separated by ';'s. If you leave the read-write file box blank, then host keys cannot be added --- this might be a good idea in some environments.

Command-line Parameters

You can give the command-line option "/ssh" (or "-ssh") to cause SSH to be enabled automatically. This is particularly useful in shortcuts. For example, "ttssh pink-floyd:22 /ssh" starts an SSH connection to pink-floyd. Don't forget to explicitly specify port 22.

You can give the command-line option "/ssh-v" (or "-ssh-v") to make TTSSH dump a log file to TTSSH.LOG. This can help to find problems.

Port Forwarding

Connection forwarding is available from the command line and through the "SSH Forwrding" command on the Setup menu.

In "Setup/SSH Forwarding", you can configure which forwardings will be performed. There are really three kinds of forwardings:

If you want to use the command line, the command-line options are similar to the Unix "ssh" forwarding options. Instead of "-L port:remotehost:remoteport" use "/ssh-Llocalport:remotehost:remoteport" (no space). Instead of "-R remoteport:localhost:localport" use "/ssh-Rremoteport:localhost:localport" (no space). You can specify multiple ports for forwarding by giving multiple options. You can also use the option "/ssh-X" to request X11 forwarding from the remote server to your local X server.

Security of forwarded connections: Connections to forwarded ports on the local host (i.e. the Windows machine) are rejected unless the connection comes from an IP number that is listed as an IP number of the local host. Therefore a blind spoofing attack is possible, but I don't see how to remove this possibility without disabling forwarding altogether. Connections to forwarded ports on the remote host are not checked by the client; I assume that the server controls access to them. Therefore, only use port forwarding, in particular server-to-client forwarding, if you know what you are doing.

In version 1.5, I introduced an option to allow anyone to connect to forwarded ports. This is VERY STUPID. If you use it you are quite likely to create a gaping wide security hole. It is only accessible by setting the variable "LocalForwardingIdentityCheck" to 0 in the .INI file.

Other Tricks

For machines that you log into frequently, it's often convenient to create a shortcut that you can use to start a session --- e.g.

ttssh pink-floyd:22 /ssh
as mentioned above. Also, you can setup Teraterm and TTSSH differently for each machine by saving settings into different .INI files (using the Save Settings command on the Setup menu), and then using the /f option to load the right settings file:
ttssh pink-floyd:22 /ssh /f=pink-floyd.ini
You can also tell TTSSH to try logging in with your default authentication settings, as follows:
ttssh pink-floyd:22 /ssh /f=pink-floyd.ini /ssh-autologin
This has basically the same effect as automatically pressing "OK" when the Authentication dialog box appears. Note that, to avoid security problems, TTSSH will never store a default password/passphrase for you, so for autologin to work, you will have to set things up so that you don't need a password. This basically means that you need to use RSA authentication with a keyfile that has no passphrase. This is dangerous and I'm not going to explain how to do it; this is for advanced users only.

You can bypass TTSSH.EXE and enable the SSH extension whenever you run Teraterm. To do this, make sure that the environment variable TERATERM_EXTENSIONS is set to 1. You might as well make this change in your user profile, as it will speed up the startup a little bit. To set the environment variable in Windows NT, use the System control panel. In Windows 95, edit AUTOEXEC.BAT and add the line

set TERATERM_EXTENSIONS=1

The About TTSSH dialog box shows you various bits of information about the status of the connection.

Robert O'Callahan

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.