Hello Yvan,
I'm wondering if you didn't understand my reply? If so, can you
clarify what you didn't understand? Here are a few things I want
to be clear on:
1) I never suggested an encrypted connection. All connections I
suggested were encrypted with either SSL or SSH.
2) I never suggested a commercial product.
3) I am one of the authors of the TN5250 you refer to, and I
understand very well how it works.
4) However, it has been my experience that it does not do proper
keyboard mapping unless you run tn5250 on the same box with your
keyboard. The cursesterm interface you refer to works by assigning
escape codes to keys that don't normally have escape codes
assigned to them -- this will be very difficult to get working over
a term program like putty!
5) In my experience, TN5250 does not compile cleanly in PASE, so
you'd have to modify it. If it weren't for point #3, these
modifications might be a good idea, but...
6) Since you are going to need SOME program on the client box in
any case (maybe Putty, maybe something like Cygwin, you'll need
SOMETHING...) you might as well put TN5250 there, I think you'll
find a more secure, more satisfactory experience this way. TN5250
works nicely off of a flash drive or even a 3.5 floppy disk.
Is that clearer?
Also, please send all replies to the mailing list. There may be
others (now or sometime in the future) who are interested in this
topic. Sending your replies in private e-mail excludes those people
from being able to follow the discussion, which is not good!!
-SK
On 7/7/2013 11:32 AM, Yvan Janssens wrote:
Hello,
2013/7/7 Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>
I wouldn't run the tn5250 client in PASE. Instead, I'd carry a
flash drive with TN5250 installed on it, and use TN5250 with SSL
to connect to the IBM i.
If you prefer SSH to SSL for some reason, then have Putty or
OpenSSH on the flash drive as well as TN5250, and run TN5250
through an ssh tunnel.
Due to my profession I'm constantly required to be able to reach
machines in a secure way on untrusted networks - unencrypted
telnet sessions can be easily captured and displayed using e.g.
Wireshark, and when on the road/conferences I mostly reside on
places where people actively use such software.
I think running TN5250 on PASE will be difficult, and since
TN5250 won't have access to the keyboard, getting the keyboard
mapping right will be extremely difficult. I strongly recommend
running it on the end-PC rather than trying to run it on PASE.
The tn5250 client at http://tn5250.sf.net uses *curses for
terminal rendering/keyboard capture. It works quite well on Linux
machines using SSH, since curses uses the stdio to perform
input/output in a way that VT100/xterm like terminals understand
it.
Currently I run this on a small gateway Linux VM - it only
consists of a kernel+userland+tn5250 client in the initial
ramdisk built using buildroot, and I want to consolidate this: if
I understand correctly, I can configure PASE|OS/400 V5R1 so that
if a user logs in, it authenticates to the SSH daemon, and when
authenticated a tn5250 to localhost is started with the user
being logged in.
This is not really a production setup (since the machine is an
old Model 150 which I use for testing edge-cases like this),
merely an experiment to consolidate the tn5250 client "inside"
the AS/400e so generic client software can be used next to the
old TN5250 protocol.
This also opens possibilities to the many web/HTML5/ajax based
SSH terminals available to be used to log into this system.
I know that commercial solutions carrying out this exist, but
I'm looking to do it myself to learn edge-cases and gain new
insights.
-SK
On 7/7/2013 9:41 AM, Yvan Janssens wrote:
Hello,
If I understand correctly, PASE is a unix (AIX)-like subsystem on
IBM i and predecessors.
I'm having the following setup in mind:
* install GCC on PASE
* install OpenSSHD on PASE
* install tn5250 console client on PASE
I want to use this setup to encrypt the TN5250 traffic, and I know
I can use SSL on the TELNETD. The issue with that is that I'm
mostly on-the-road and this is a test/dev system at home, and I
want to run the tn5250 client on the AS/400e (V5R1) itself so I
can basically use any PC w/ putty/openssh/<insert your most
favorite SSH client here>. I also want to use it as an SSH tunnel
to access the other services at the machine/my lan, and this setup
might solve all those things at once.
Now the questions are:
* is this setup possible?
** which are the drawbacks to such a setup, knowing that this is not
production hardware, but a spare device to carry out quick tests?
* how do I install AIX software on it? Can I use those GCC packages?
* can I use the normal init scripts to auto-start daemons in PASE?
I tried searching the interwebs and the IBM site, but all the
information is about more recent releases (V5R4+), and in the past
I ran into issues because of some things which weren't supported
yet.
Yvan Janssens
--
|_|0|_| Yvan Janssens |_|_|0| Observe. Hack. Meet.
https://www.ohm2013.org |0|0|0| ['2013-07-31','2013-08-04']
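
The client-side setup suggested earlier in the thread (TN5250 on the end PC, run through an ssh tunnel) could be scripted as below. This is an added example, not code from either poster or from the tn5250 project. The user@host, the local port 2323, the control-socket path and the `host:port` form of the tn5250 target are assumptions.

```shell
#!/bin/sh
# Added example: run tn5250 through an SSH local port forward.
# user@host, port numbers and the socket path are placeholders (assumptions).

# Build the ssh arguments for the tunnel.
#   -L 127.0.0.1:PORT:localhost:23  listen on loopback only, so other hosts on
#                                   an untrusted network cannot use the forward
#   -o ExitOnForwardFailure=yes     fail instead of leaving tn5250 to connect
#                                   to whatever else owns the local port
#   -M -S SOCK                      control socket, used to close the tunnel
tunnel_args() {  # $1=user@host  $2=local port  $3=control socket
    printf '%s' "-f -N -M -S $3 -o ExitOnForwardFailure=yes -L 127.0.0.1:$2:localhost:23 $1"
}

# tn5250 target pointing at the local end of the tunnel (assumed host:port form).
tn5250_target() {  # $1=local port
    printf '127.0.0.1:%s' "$1"
}

main() {
    remote=$1
    lport=${2:-2323}
    sock="${TMPDIR:-/tmp}/tn5250-tunnel.$$"
    # Unquoted on purpose: the argument string must be split into words.
    ssh $(tunnel_args "$remote" "$lport" "$sock") || return 1
    # Close the tunnel when the emulator exits or the script is interrupted.
    trap 'ssh -S "$sock" -O exit "$remote" 2>/dev/null' EXIT INT TERM
    tn5250 "$(tn5250_target "$lport")"
}

# Run only when called with arguments, e.g.: ./tn5250-tunnel.sh user@ibmi.example 2323
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With this arrangement the 5250 telnet stream crosses the network only inside the SSH session; in clear text it exists only on the loopback interfaces at each end.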
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].