× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2001

Re: Secure Shell on the 400

On Wed, 14 Nov 2001, Scott Klement wrote:

> One of the major reasons I'd like SSH on my AS/400 is *because* I've got
> BSD and Linux machines on my LAN.
>
> SSH would give me a simple interface to executing commands on those boxes
> without the security flaws of rexec/runrmtcmd/telnet and without having to
> hard code passwords...

I have to agree with you here.  I wasn't trying to say that OS/400
*shouldn't* support ssh, but rather that because it *doesn't* support it,
it doesn't make any sense from a costs/time perspective to use an AS/400
to do the transfer.  But you are right - ssh on OS/400 would be great.
I've never understood why people say that OS/400 is so secure when it
doesn't even support ssh (sniff, sniff).

> In fact, eliminating the unencrypted telnet sessions was the major reason
> that I wrote SSL support for the Linux 5250 client.  :)   I'd love to turn
> telnet off completely on all of my FreeBSD boxes, and only allow SSH.

I have telnet turned off on all my internet-accessible unix boxen.  We
have to allow telnet to be routed, though.  And you can turn off incoming
telnet on FreeBSD using hosts.allow/hosts.deny.  You can even doublely
(sp?) disable it if you have a stateful firewall for FreeBSD.  On second
thought you don't need a statefull firewall - just block incoming packets
to port 23.  You can also comment the telnet line in /etc/inetd.conf.
Heck, go ahead and delete /sbin/telnetd if you want.  You don't need any
of these things to use tn5250 or telnet to the AS/400.

Now I really am off topic to this list.  Sorry folks.

James Rich
james@eaerich.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.