David, my real question is whether I can be SSL in remote access only, and not ssl telnet (client access) on the local lan? Customers are balking at both vpn or changing their local network to ssl, just so remote access is more secure. jim ----- Original Message ----- From: "David C. Shea" <dshea@xxxxxxxxxxxx> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> Sent: Thursday, March 18, 2004 8:18 PM Subject: RE: remote telnet with ssl > Telnet with SSL works very nicely on the AS/400. I have tested it with > Client Access, Mocha and Nexus Mainframe Terminal. Mocha and NMT also > have SSL enabled printer features that work very nicely. > > You need to set up a certificate on the AS/400, which it then dishes out > to the client automagically. You need to be able to get through to the > AS/400 on port 992 instead of port 23 like regular telnet. So, you'd > have to open up that port on the firewall. The problem with Client > Access is that you need to open up several other ports besides 23 or 992 > to be able to connect. CA does something special before even initiating > the telnet connection. > > A decent VPN is probably more secure than SSL telnet, but SSL telnet at > least encrypts the traffic between host and client. > > If you really wanted to get fancy, I assume that you could set up > certificates at both ends (as400 and pc) so that the host 400 wouldn't > just dish out a cert to anyone that comes knocking. This would provide > an added level of security - only someone with the right cert installed > could get a connection. > > If I recall, setting up the cert on the 400 wasn't a big deal. The info > center had the step by step. I managed to get it running in about a > half hour. > > -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz > Sent: Thursday, March 18, 2004 8:07 PM > To: MIDRANGE-L@xxxxxxxxxxxx > Subject: remote telnet with ssl > > Is there such a thing as remote telnet with ssl, but > not having to ssl the local network? > This is to have remote "support" access to customers > who don't want a vpn or to use ssl locally. Currently > no windoze server for other options. > jim > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.