From owner-freebsd-questions@FreeBSD.ORG Fri Aug 1 15:37:19 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7996E1065670 for ; Fri, 1 Aug 2008 15:37:19 +0000 (UTC) (envelope-from ml@netfence.it) Received: from parrot.aev.net (parrot.aev.net [212.31.247.179]) by mx1.freebsd.org (Postfix) with ESMTP id DAF828FC24 for ; Fri, 1 Aug 2008 15:37:18 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.ventu ([151.77.250.23]) (authenticated bits=128) by parrot.aev.net (8.14.2/8.14.2) with ESMTP id m71FcjHh084609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Fri, 1 Aug 2008 17:38:50 +0200 (CEST) (envelope-from ml@netfence.it) Received: from alamar.ventu (alamar.ventu [10.1.2.18]) by soth.ventu (8.14.2/8.14.2) with ESMTP id m71FbPUk048274; Fri, 1 Aug 2008 17:37:25 +0200 (CEST) (envelope-from ml@netfence.it) Message-ID: <48932DA4.4000707@netfence.it> Date: Fri, 01 Aug 2008 17:37:08 +0200 From: Andrea Venturoli User-Agent: Thunderbird 2.0.0.16 (X11/20080727) MIME-Version: 1.0 To: "B. Cook" References: <3E40D840-E616-41CA-8708-B06904699432@poughkeepsieschools.org> <489325CD.7030402@netfence.it> In-Reply-To: <489325CD.7030402@netfence.it> Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.64 on 212.31.247.179 Cc: freebsd-questions@freebsd.org Subject: Re: secure access to AS/400 ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2008 15:37:19 -0000 Andrea Venturoli ha scritto: > B. Cook ha scritto: > >> As I am not knowledgeable about AS/400's I do not know if there is an >> openssh/sshd app that could be put on there. > > AS/400 supports telnet over SSL, though I never found it to be in use. > > > >> If they can not find some form of sshd to put on the AS/400 > > Normally it all boils down to: they could, but will not bother to (they > probably never used it and don't have experience with it, anyway). > > > >> I could give people access to a FreeBSD via ssh and then have them use >> 'something' to connect to it. > > I would not do so, since you would need local users on the FreeBSD box, > which I usually try and avoid. > > > > > Is there some terminal emulator that I would have to give them? > > If you really want to go this way, tn5250 is in ports. > > > > > VPNs (with whatever technology) might be a better solution. I forgot: altough I never tried this, you may want to experiment with stunnel to allow for telnet/SSL on the client side, without the need to enable it on the server side. Disadvantage is, you lose the ability to discriminate which user can connect from the outside and which cannot. bye av.