On Tue, 9 Jan 2024 11:41:45 -0600, Grant Taylor <gtay...@tnetconsulting.net> wrote:
>This is important to keep in mind when you are considering which way the
>port forwarded traffic will go in relation to which end is the SSH client.

Tunnels are bidirectional so it does not matter which way traffic is forwarded. What is important is the system with the listener port (often referred to as server).

>N.B. the -L and -R are reference to the ssh /client/.

This is very simple. You are moving the listener port from one computer to another computer. Consider TN3270 connecting to your z/OS system. You specify an IP address and port on TN3270 which means you want to connect to the listener port on z/OS.

-R means you are issuing the SSH tunnel command from z/OS (listener port/server machine) whereas -L means you are issuing the SSH tunnel command from the TN3270 computer (client). Regardless of -R or -L, you now have the listener port on the computer where you issue the TN3270 command.

You may wonder why you might need -R. The SSH command exposes identification (e.g. userid & password). -L exposes a z/OS userid & password on each TN3270 computer which is not easily protected. -R exposes Unix/Windows userid/password on z/OS where you can fully protect them in 1 location and easily restrict access.

I used TN3270 as an example that is familiar to everyone in this group. But this holds true for all TCP connections. Some exceptions may apply but it's unlikely most people will be in those situations.
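Added example, not part of the original post: a small shell helper that takes an OpenSSH `-L` or `-R` forward and reports which machine ends up with the listener port, which machine makes the onward connection, and whether the listener is bound beyond loopback. The function name `describe_forward`, the hosts `zos.example` and `pc.example`, and ports 2323 and 23 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which machine gets the
# listening port for an OpenSSH -L or -R forward and which machine makes the
# onward TCP connection. Hosts and ports in the demo calls are constructed.

# describe_forward FLAG SPEC SSH_SERVER   (hypothetical helper)
#   FLAG        -L or -R
#   SPEC        [bind_address:]port:host:hostport (IPv6 literals not handled)
#   SSH_SERVER  the host the ssh client logs in to (the one running sshd)
describe_forward() (
    flag=$1; spec=$2; server=$3
    set -f                      # keep a '*' bind address from globbing
    IFS=:
    set -- $spec                # split the spec on ':'
    case $# in
        3) bind=127.0.0.1; lport=$1; thost=$2; tport=$3 ;;  # default: loopback
        4) bind=${1:-*};   lport=$2; thost=$3; tport=$4 ;;  # empty bind = all
        *) echo "bad forward spec: $spec" >&2; exit 2 ;;
    esac
    case $flag in
        -L) listen="ssh client"; connect="sshd host $server" ;;
        -R) listen="sshd host $server"; connect="ssh client" ;;
        *)  echo "flag must be -L or -R" >&2; exit 2 ;;
    esac
    # This reports the bind address that was requested. For -R, sshd only
    # honours a non-loopback bind address when its GatewayPorts option allows it.
    case $bind in
        127.0.0.1|localhost) scope="loopback only" ;;
        *)                   scope="reachable from other hosts" ;;
    esac
    echo "listener: $listen $bind:$lport ($scope); $connect connects to $thost:$tport"
)

# Issued on the TN3270 workstation (ssh client = workstation, sshd = z/OS):
describe_forward -L 2323:127.0.0.1:23 zos.example
# Issued on z/OS (ssh client = z/OS, sshd = workstation):
describe_forward -R 2323:127.0.0.1:23 pc.example
```

In both demo calls the listener lands on the workstation at 127.0.0.1:2323, which is where the TN3270 emulator would be pointed; only the side that initiates the SSH login differs.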