On Sat, 30 Dec 2023 04:02:22 +0000, kekronbekron <kekronbek...@protonmail.com> 
wrote:

>So SSH is used for auth and encryption, 

SSH has multiple features. Understand that SSH's primary feature is "Secure 
SHell", where you can issue UNIX commands on a remote UNIX system thru an 
encrypted connection. You must log in to that remote system thru SSH using one 
of the implemented methods (e.g. userid / password). SSH is delivered on most 
UNIX systems, although it may require some configuration.

> and mainly just as a tunnel (as the first mail mentioned).

Port tunneling is a second feature which I believe disables shell commands 
(never bothered to try it). There's plenty of documentation on the internet 
(e.g. https://linuxize.com/post/how-to-setup-ssh-tunneling/).

An unencrypted 3270 connection:
tn3270 -host MVSsystem.com -port 3270 

An encrypted 3270 connection:
ssh -L localhost:100:MVSsystem.com:3270 unix_use...@mvssystem.com
TN3270 -host localhost -port 100

Specifying localhost is important because it limits access to this specific 
machine. 0.0.0.0 would allow other machines to access MVSsystem.com thru this 
machine.

The server and client can be on either side but I always used the client app on 
the machine issuing the SSH with the server on the other machine. 

>The traffic that's tunnelled may be any protocol or a TCP socket.

In theory, yes but I've only used it with TCP.

> and the goal is to just use SSH's ubiquity (say port 22) to make life easier 
> w.r.t firewalls and all that.

The goal is encryption, which is provided by SSH instead of building it into the 
application. As for firewalls, I don't see how it changes anything. A firewall 
implements NAT, filtering, proxy servers and ???. I would think that 
implementing SSL into the client / server would be more secure.

>I wonder if spiped fits the bill - https://www.tarsnap.com/spiped.html

I'm not familiar with SPIPED but from that documentation, it appears it could 
be used for this purpose. The drawback is that you must install the client.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
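
Added example (not part of the original message): a check for the bind-address point made above, listing ssh client listeners that are bound to anything other than loopback. It assumes Linux `ss -H -ltnp` output; flag_exposed_forwards and sample_listeners are hypothetical helper names, and the sample lines (PIDs, port 8100) are constructed.

```shell
#!/bin/sh
# Flag listening sockets opened by the ssh client (-L / -D forwards) whose
# bind address is not loopback, i.e. reachable from other machines.
# Input on stdin: lines in the format of `ss -H -ltnp` (Linux iproute2).
flag_exposed_forwards() {
    awk '
    # Match the ssh client only; the closing quote excludes "sshd".
    $1 == "LISTEN" && /users:\(\("ssh"/ {
        addr = $4                      # Local Address:Port column
        sub(/:[0-9]+$/, "", addr)      # strip :port, keep bind address
        port = $4
        sub(/^.*:/, "", port)          # keep only the port
        # 127.0.0.0/8 and [::1] are loopback: local use only, not reported.
        if (addr ~ /^127\./ || addr == "[::1]") next
        printf "EXPOSED port=%s bind=%s\n", port, addr
    }'
}

# Constructed sample: a localhost-bound forward on port 100 (as in the
# message above), a wildcard-bound forward on port 8100, and the sshd
# daemon itself, which must not be reported.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 127.0.0.1:100 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:100 [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 0.0.0.0:8100 0.0.0.0:* users:(("ssh",pid=4243,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
EOF
}

sample_listeners | flag_exposed_forwards

# On a live host (root is needed to see other users' processes):
#   ss -H -ltnp | flag_exposed_forwards
```

Only the 0.0.0.0-bound forward is reported; the localhost-bound listeners and sshd are skipped.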
