"You may wonder why you might need -R. The SSH command exposes identification (e.g. userid & password). -L exposes a z/OS userid & password on each TN3270 computer which is not easily protected. -R exposes Unix/Windows userid/password on z/OS where you can fully protect them in 1 location and easily restrict access."
I'm sorry that it went that way, but referring to Jon's statement above I simply asked how -L exposes userid and password. Jon redirected the question to a discussion of storing passwords in script files. Of course we can all agree that that is a problem, but it wasn't the issue. PS> I tunnel tn3270 in ssh all the time, and I never store any passwords in files or scripts or pass them in command lines. Kirk Wolf Dovetailed Technologies http:// <http://dovetail.com>coztoolkit.com On Thu, Jan 11, 2024, at 1:42 PM, Rick Troth wrote: > bottom posting ... refreshing ... sincerely > > > On 1/11/24 14:08, Jon Perryman wrote: > > On Thu, 11 Jan 2024 09:47:45 -0600, Kirk Wolf <k...@coztoolkit.com> wrote: > > > >> Did I say anything about using passwords for ssh? > >> Again, this has nothing to do with your assertion that > >> using tn3270 over a ssh tunnel would expose the userid and password. > > This thread is specifically about using ssh tunnel to provide SSL for > > non-SSL TCP apps. TN3270 (without enabling SSL) is being used for context > > that everyone in this group understands. > > > > You ask how I would get your TSO userid / password when you run TN3270 thru > > an ssh tunnel. Very simply, the userid & password would likely be the same > > for both. Assuming you automated ssh with userid & password exposed, I just > > look at your script. > > > I don't understand the strife. > It's true that we normally go username/password for 3270 sign-on. > It's also true that we *can* sign-on using username/password with SSH. > But the latter is not recommended when you have SSH keys. And the > subject is "unattended" where keys would be *very* desirable. > > > -- R; <>< > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN