× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2024

Re: Inbound SSH allowed to be used with Code for i and other tools ?

That's what it is, Rob.

JS


El jue, 31 oct 2024 a las 8:34, Rob Berendt (<robertowenberendt@xxxxxxxxx>)
escribió:

Scream tests are so much fun when first implemented. Nothing like network
person monitoring for 24 hours and determining that nothing is using a
service and shutting it down only for you to find out about it when Call
Home, ptf ordering or some rare, but critical, process tries to use it.
Then making you fill out a "Yes, I have a business need" form and having it
go through the approval process.

On Thu, Oct 31, 2024 at 10:14 AM Javier Sanchez <
javiersanchezbarquero@xxxxxxxxx> wrote:

Firewalls and VLANs were invented for that.
You first deny all for a scream test, then start granting access to who
needs it.

JS

El mié, 30 oct 2024 a las 13:07, Rob Berendt (<
robertowenberendt@xxxxxxxxx
)
escribió:

Often these are recommendations. And, if you have a written business
case
as to why you need SSH connection you can get it.
Here, we have a tool which monitors many of the stuff you can install
on
your PC. If you try to install putty you have to write something up
and
they contact the tool vendor and get you excepted. Do not believe you
can
just download putty yourself, install it and go. I've tried, when I
got
my
new laptop. It stops it dead. I explained I needed it for HMC
communicating, etc. And I immediately asked and got permission.

Summary: So, apparently it is not uncommon to find sites like this.
Most
times it can be overridden if you just can get over the fear of asking
and
communicating.

To the best of my knowledge, the main concern with SSH is that it is
the
open system version of secure telnet and the preferred tool of those
who
like command line access to many pieces of equipment versus the GUI
interface. And is quite easy to script and be used to probe for
openings.

On Wed, Oct 30, 2024 at 2:51 PM Richard Schoen <
richard@xxxxxxxxxxxxxxxxx>
wrote:

Using SSH with IBM i.

How many of you work in businesses where you're allowing SSH to be
used
with tools like VS Code ?

I'm hearing varying opinions because of potential security issues.

Was talking to a large insurance company yesterday and they asked
best
way
to secure SSH. Currently they don't allow it so RDI only tool option
for
editing.

Also if allowing SSH, what's a good way to monitor SSH connections
and
connection attempts ? (I know I've seen SSH be used for DOS attacks
before
on public IBMi systems.)

Would be interesting to see Mapepire and/or codefori server morphed
into
an appropriate server that wouldn't require an SSH connect.

I've done connectivity via jt400 in Java and .Net for years before we
had
SSH.

I would love to hear your opinions as the hesitation because of
system
compromise is real.

Regards,
Richard Schoen
Web: http://www.richardschoen.net<http://www.richardschoen.net/>
Email: richard@xxxxxxxxxxxxxxxxx<mailto:richard@xxxxxxxxxxxxxxxxx>

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.