Thank you.
You know how we sometimes only have a vague understanding that somehow stays 
vague...
Your explanation below popped things into place and cleared the fog I had.
Thanks again!


On Saturday, December 30th, 2023 at 12:26, Jon Perryman <jperr...@pacbell.net> 
wrote:


> On Sat, 30 Dec 2023 04:02:22 +0000, kekronbekron kekronbek...@protonmail.com 
> wrote:
> 
> > So SSH is used for auth and encryption,
> 
> 
> SSH has multiple features. Understand that SSH's primary feature is "Secure 
> SHell" where you can issue UNIX commands on a remote UNIX system thru an 
> encrypted connection. You must login to that remote system thru SSH using one 
> of the implemented methods (e.g. userid / password). SSH is delivered on most 
> UNIX systems although it may require some configuration.
> 
> > and mainly just as a tunnel (as the first mail mentioned).
> 
> 
> Port tunneling is a second feature which I believe disables shell commands 
> (never bothered to try it). There's plenty of documentation on the internet 
> (e.g. https://linuxize.com/post/how-to-setup-ssh-tunneling/).
> 
> An unencrypted 3270 connection:
> tn3270 -host MVSsystem.com -port 3270
> 
> Encrypted 3270 connection:
> ssh -L localhost:100:MVSsystem.com:3270 unix_use...@mvssystem.com
> tn3270 -host localhost -port 100
> 
> Specifying localhost is important because it limits access to this specific 
> machine. 0.0.0.0 would allow other machines to access MVSsystem.com thru this 
> machine.
> 
> The server and client can be on either side but I always used the client app 
> on the machine issuing the SSH with the server on the other machine.
> 
> > The traffic that's tunnelled may be any protocol or a TCP socket.
> 
> 
> In theory, yes but I've only used it with TCP.
> 
> > and the goal is to just use SSH's ubiquity (say port 22) to make life 
> > easier w.r.t firewalls and all that.
> 
> 
> The goal is encryption which is provided by SSH instead of building it into 
> the application. As for firewalls, I don't see how it changes anything. 
> Firewalls implement NAT, filtering, proxy servers and ???. I would think that 
> implementing SSL into the client / server would be more secure.
> 
> > I wonder if spiped fits the bill - https://www.tarsnap.com/spiped.html
> 
> 
> I'm not familiar with SPIPED but from that documentation, it appears it could 
> be used for this purpose. The drawback is that you must install the client.
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

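The localhost versus 0.0.0.0 point in the quoted reply can be checked on the machine that runs the ssh client. The script below is an added example, not part of the original thread: it reads listener lines in the format printed by Linux `ss -H -ltnp` and reports whether each ssh client forward is bound to loopback only. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ssh port-forward listeners for non-loopback binds.
# Assumes the Linux iproute2 `ss -H -ltnp` line format (State, Recv-Q,
# Send-Q, Local Address:Port, Peer Address:Port, Process).

# Constructed sample input: two loopback forwards on port 100, one forward
# bound to 0.0.0.0, and the sshd daemon itself (which must be ignored).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:100 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:100 [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 0.0.0.0:3270 0.0.0.0:* users:(("ssh",pid=4300,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
EOF
}

# Print "<verdict> <bind address> <port>" for every listening socket owned
# by the ssh client. A forward is loopback-only when it is bound to 127.x
# or [::1]; anything else is reachable from other machines.
audit_ssh_forwards() {
    awk '
    $1 == "LISTEN" && $NF ~ /\(\("ssh",/ {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]")
            verdict = "loopback-only"
        else
            verdict = "EXPOSED"
        print verdict, addr, port
    }'
}

# On a live system: ss -H -ltnp | audit_ssh_forwards
sample_ss_output | audit_ssh_forwards
```

An EXPOSED line means the forward should be restarted with an explicit localhost bind address, as in the ssh -L command quoted below the reply header.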