I guess that makes me half right, half wrong, a half wit, or some
combination thereof :-))

I'll admit that I tend to think in binary (albeit mostly zeros) and I
consider an administrator's ID to be somewhat sensitive traffic. Of
course, many (most?) might disagree. I don't think PCI is that granular.


I'll also freely admit that SSH seems to be an excellent solution for
interactive *nix sessions. But we need secure 'green screen' TN3270 TSO
and automated batch FTP.   

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of McKown, John
Sent: Tuesday, July 31, 2007 2:06 PM
To: [email protected]
Subject: Re: PCI Compliance - Encryption of all non-console
administrative access.

> -----Original Message-----
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Hal Merritt
> Sent: Tuesday, July 31, 2007 1:57 PM
> To: [email protected]
> Subject: Re: PCI Compliance - Encryption of all non-console 
> administrative access.
> 
> 
> I am probably not understanding how SSH works. I was under the
> impression that you must first gain access via RACF and VTAM
> (TCP/IP) before you can get to somewhere you can invoke SSH. 
> 
> Traffic via SSH is encrypted.   

Depends. I can use ssh on my desktop to connect to a UNIX shell on my
z/OS system. This entire traffic is encrypted. This does depend on
TCPIP, of course, but TCPIP does not require RACF validation in order to
connect to an application (such as the SSH daemon). On my desktop, I
enter:

ssh zos.ip.address -l RACFID

I then get prompted to enter the password for RACFID. This traffic is
all encrypted.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

 