In case you are not sure how to write a telnet exit program...here's a
link to an article, with code sample, to show you how.

http://www.midrangeserver.com/mpo/mpo091202-story06.html

Shannon O'Donnell





-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Wayne McAlpine
Sent: Friday, March 19, 2004 9:54 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: remote telnet with ssl


The answer to your question is yes.  You will need to create an exit 
program for telnet that will determine if a session request is from 
inside or outside, based on ip address.  You can then check to make 
certain that the outside requests are using ssl and coming in on port
992.

Jim Franz wrote:
> David,  my real question is whether I can be SSL in remote access 
> only, and not ssl telnet (client access) on the local lan? Customers 
> are balking at both vpn or changing their local network to ssl, just 
> so remote access is more secure. jim
> ----- Original Message ----- 
> From: "David C. Shea" <dshea@xxxxxxxxxxxx>
> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> Sent: Thursday, March 18, 2004 8:18 PM
> Subject: RE: remote telnet with ssl
> 
> 
> 
>>Telnet with SSL works very nicely on the AS/400.  I have tested it 
>>with Client Access, Mocha and Nexus Mainframe Terminal.  Mocha and NMT

>>also have SSL enabled printer features that work very nicely.
>>
>>You need to set up a certificate on the AS/400, which it then dishes 
>>out to the client automagically.  You need to be able to get through 
>>to the AS/400 on port 992 instead of port 23 like regular telnet.  So,

>>you'd have to open up that port on the firewall.  The problem with 
>>Client Access is that you need to open up several other ports besides 
>>23 or 992 to be able to connect.  CA does something special before 
>>even initiating the telnet connection.
>>
>>A decent VPN is probably more secure than SSL telnet, but SSL telnet 
>>at least encrypts the traffic between host and client.
>>
>>If you really wanted to get fancy, I assume that you could set up 
>>certificates at both ends (as400 and pc) so that the host 400 wouldn't

>>just dish out a cert to anyone that comes knocking.  This would 
>>provide an added level of security - only someone with the right cert 
>>installed could get a connection.
>>
>>If I recall, setting up the cert on the 400 wasn't a big deal.  The 
>>info center had the step by step.  I managed to get it running in 
>>about a half hour.
>>
>>-----Original Message-----
>>From: midrange-l-bounces@xxxxxxxxxxxx 
>>[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
>>Sent: Thursday, March 18, 2004 8:07 PM
>>To: MIDRANGE-L@xxxxxxxxxxxx
>>Subject: remote telnet with ssl
>>
>>Is there such a thing as remote telnet with ssl, but
>>not having to ssl the local network?
>>This is to have remote "support" access to customers
>>who don't want a vpn or to use ssl locally. Currently
>>no windoze server for other options.
>>jim
>>
>>
>>_______________________________________________
>>This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> 
> list
> 
>>To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>>To subscribe, unsubscribe, or change list options,
>>visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>>or email: MIDRANGE-L-request@xxxxxxxxxxxx
>>Before posting, please take a moment to review the archives at 
>>http://archive.midrange.com/midrange-l.
>>
>>
> 
> 
> 
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

> list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, 
> unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives at 
> http://archive.midrange.com/midrange-l.
> 
> 


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.