The answer to your question is yes. You will need to create an exit program for telnet that will determine if a session request is from inside or outside, based on ip address. You can then check to make certain that the outside requests are using ssl and coming in on port 992.

Jim Franz wrote:
David, my real question is whether I can be SSL in remote access only,
and not ssl telnet (client access) on the local lan? Customers are balking
at both vpn or changing their local network to ssl, just so remote access
is more secure.
jim
----- Original Message ----- From: "David C. Shea" <dshea@xxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, March 18, 2004 8:18 PM
Subject: RE: remote telnet with ssl




Telnet with SSL works very nicely on the AS/400.  I have tested it with
Client Access, Mocha and Nexus Mainframe Terminal.  Mocha and NMT also
have SSL enabled printer features that work very nicely.

You need to set up a certificate on the AS/400, which it then dishes out
to the client automagically.  You need to be able to get through to the
AS/400 on port 992 instead of port 23 like regular telnet.  So, you'd
have to open up that port on the firewall.  The problem with Client
Access is that you need to open up several other ports besides 23 or 992
to be able to connect.  CA does something special before even initiating
the telnet connection.

A decent VPN is probably more secure than SSL telnet, but SSL telnet at
least encrypts the traffic between host and client.

If you really wanted to get fancy, I assume that you could set up
certificates at both ends (as400 and pc) so that the host 400 wouldn't
just dish out a cert to anyone that comes knocking.  This would provide
an added level of security - only someone with the right cert installed
could get a connection.

If I recall, setting up the cert on the 400 wasn't a big deal.  The info
center had the step by step.  I managed to get it running in about a
half hour.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Thursday, March 18, 2004 8:07 PM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: remote telnet with ssl

Is there such a thing as remote telnet with ssl, but
not having to ssl the local network?
This is to have remote "support" access to customers
who don't want a vpn or to use ssl locally. Currently
no windoze server for other options.
jim


_______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list


To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





_______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.