That's not how TN3270E protocols typically work. If you want encrypted TN3270E sessions (you should!), I recommend you enable TLS/SSL-encrypted TN3270E. That capability has been available for two decades now at no additional charge, starting way back in the OS/390 days, and progressively improved ever since. (DES and 3DES encrypted SNA has been around even longer than that.) There are a lot of references describing how to configure TLS/SSL-encrypted TN3270E, but try this one first:
http://www.redbooks.ibm.com/abstracts/sg248099.html Chapter 16 is where you'll want to spend most of your time, and specifically with the AT-TLS configuration. Note that you'll most likely want to deploy a TLS/SSL server certificate signed by a well known CA as part of your setup. IBM Personal Communications, IBM Host On-Demand, and virtually all other 3270 emulation software products support TLS/SSL-encrypted TN3270E sessions and have for many years (also for a couple decades really) -- with nothing particularly exotic or strange for the end users to do when configuring sessions. In contrast, TN3270E tunneling over SSH is not that common. The SSH Tectia Server for z/OS, a commercial product, officially supports 3270 tunneling over SSH. As far as I know the OpenSSH server included with z/OS 2.2, and its predecessors provided with the IBM Ported Tools for z/OS, do not. -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
