Jon, 

I don't think you answered my question.

If on your client you set up a TN3270 tunnel with:   
   ssh -L 623:127.0.0.1:623  zoshost
and then connect your tn3270 client to port localhost:623  and login

How EXACTLY is your userid and password exposed?

Kirk Wolf
Dovetailed Technologies
http://coztoolkit.com <http://dovetail.com>

On Tue, Jan 9, 2024, at 10:18 PM, Jon Perryman wrote:
> On Tue, 9 Jan 2024 20:18:42 -0600, Kirk Wolf <k...@coztoolkit.com> wrote:
> 
> >On Tue, Jan 9, 2024, at 5:18 PM, Jon Perryman wrote:
> >> You may wonder why you might need -R. The SSH command exposes identification (e.g. userid & password).
> >> -L exposes a z/OS userid & password on each TN3270 computer which is not easily protected.
> >
> >Exposes how? Do you mean that traffic on one socket across the loopback adapter
> 
> Amazingly the hack is much simpler. Scan thru GitHub for userids / 
> passwords. There are open source utilities that will find the most common 
> occurrences. 
> 
> Consider DB2 connect in z/OS using shared RACF, ACEE and trust for every 
> machine within the SYSPLEX. No userid / password (or some other 
> identification method is not allowed)
> 
> DB2 connect client for Linux, Windows and ??? is completely different. For 
> instance, the DB2_CONNECT for PHP is documented as follows:
> 
> db2_connect(
>     string $database,
>     ?string $username,
>     ?string $password,
>     array $options = []
> ): resource|false
> Creates a new connection to an IBM DB2 Universal Database, IBM Cloudscape, or 
> Apache Derby database.
> 
> This is a common Unix practice (not necessarily a best practice). People tend 
> to follow the documentation.
> 
> Surprisingly, some people do not sanitize their code before uploading to 
> GitHub (or other open source repositories).
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
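
Added example, not part of the original thread: a pre-commit style check that flags `db2_connect` / `db2_pconnect` calls whose username or password argument is a string literal, the pattern the quoted message says ends up in public repositories. The function names and the sample PHP are constructed for illustration.

```python
import re

# Start of a db2_connect( or db2_pconnect( call in PHP source.
CALL_START = re.compile(r"\bdb2_p?connect\s*\(", re.I)

def call_args(src, pos):
    """Split the argument list that starts at src[pos] (just past '(') on
    top-level commas, honouring quotes and nested (...) / [...]."""
    args, cur, depth, quote, i = [], [], 0, None, pos
    while i < len(src):
        ch = src[i]
        if quote:
            cur.append(ch)
            if ch == "\\" and i + 1 < len(src):   # keep escaped char verbatim
                i += 1
                cur.append(src[i])
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch in ")]" and depth == 0:           # end of the call
            args.append("".join(cur).strip())
            return args
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (ch in "([") - (ch in ")]")
            cur.append(ch)
        i += 1
    return args                                    # unterminated call

def is_hardcoded(arg):
    """True for a non-empty string literal with no PHP variable interpolation."""
    if len(arg) < 3 or arg[0] not in "'\"" or arg[-1] != arg[0]:
        return False
    return not (arg[0] == '"' and "$" in arg)

def find_hardcoded_credentials(src):
    """Return (line, 'username'|'password') for each literal credential."""
    findings = []
    for m in CALL_START.finditer(src):
        args = call_args(src, m.end())
        line = src.count("\n", 0, m.start()) + 1
        for idx, name in ((1, "username"), (2, "password")):
            if idx < len(args) and is_hardcoded(args[idx]):
                findings.append((line, name))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = r'''<?php
$a = db2_connect('SAMPLE', 'dbuser', 'Pa)ss,word');
$b = db2_connect($db, getenv('DB2_USER'), getenv('DB2_PASS'));
$c = db2_pconnect("SAMPLE", "$user", "hunter2", array('autocommit' => 1));
'''
```

Commented-out calls are flagged as well, since a credential left in a comment is exposed just the same once the file is pushed.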
