> To me that seems like a giant step backward in capability. You will lose > the 3270 capabilities of the system -- very similar to linemode telnet.
Think of it first as a replacement for rexec than as a terminal connection. It makes more sense that way. In this case, the remote execution function is more immediately useful as more ane more Unix distributions remove support for the original Berkeley r-commands in favor of the ssh replacements. > The Unix culture has labeled telnet as a tool of the Evil Empire, but > there's no reason one can't use encrypted telnet. I'd much rather have > the VM telnet support of user certificates on SSL-protected TN3270 > (available with IBM Personal Communications). > With ssh you will lose the 3270 capabilities of the system. Not really. SSH is fairly easily integrated into x3270 (I sent the code mods to the x3270 maintainers several months ago, but with nothing to talk to, it's kind of pointless). It's a special case of protecting a TCP port; the contents of what flows over the port are still up to the end application. Vic's point about common authentication is a good one -- ssh is much less complex to manage than SSL certificates, and if ssh is the ubiquitous tool, then supporting it is worthwhile. Another project for my "spare time" list, I guess. -- db
