Telnet and FTP transmit data and passwords over the network in plain text iseries access for windows

110 pts.
Tags:
iSeries Access
iSeries Access for Windows
Telnet
Hi iSeries Access for Windows using TCP/IP connectivity applications such as telnet and ftp transmit data and passwords over the network in plain text. This means that the data and passwords can be intercepted and read by other users on the network. Looking for solution to solve this problem. Awaiting for your suggestion/advise in this regard. Syed Hasan

Software/Hardware used:
iSeries Access for Windows, System i with V5R4M0

Answer Wiki

Thanks. We'll let you know when a new response is added.

SSH – secure shell uses public key encryption and is a secure replacement for telnet.

SFTP – secure FTP is a secure replacement for FTP; FTPES – ftp over explicit SSL is another secure file transport protocol.

You will need to be sure you have clients capable of supporting these protocols.

=============================================================

The simple answer is that you have two alternatives: (1) don’t use telnet and ftp, or (2) create a secure tunnel such as VPN or by protocols as noted by Labnuke99 above.

For telnet, easiest is simply not to use TN5250, but use TN5250E instead. Set the connections to “bypass signon” and force SIGNOFF to use ENDCNN(*YES).

For most terminal emulator usage, it isn’t that passwords are sent in the clear. The problem is that you’re using the standard signon panel to enter your password into. Standard display file records are sent in the clear, and the standard signon panel is just another display file record. So don’t use it. Skip it at signon and don’t allow it to redisplay at signoff. If you don’t let it display, it won’t be used.

TN5250E can send encrypted passwords as part of making the connection, thereby eliminating the need ever to display the signon panel. You tell the connection to “bypass signon” when you configure the TN5250E session.

For ftp,… well, ftp has nothing to do with iSeries Access. They are totally unrelated as far as products go. However, the native i5/OS ftp server supports FTPS at V5R4 or higher. Or you can install product <a href=”http://www-03.ibm.com/servers/enable/site/porting/tools/openssh.html”>5733-SC1 — IBM Portable Utilities for i5/OS</a>. (Also see <a href=”http://www-01.ibm.com/support/docview.wss?uid=nas1fa8ba0d9e5c4cacb8625738c0049ae62″>Ordering 5733SC1- IBM Portable Utilities for i5/OS</a>.)

For a FTPS client, you might try <a href=”http://filezilla-project.org/index.php”>FileZilla, the free FTP solution</a>.

Tom

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Littlepd
    iSeries Access for Windows V5R2 Hot Topics: Tailored Images, Application Administration, SSL, and Kerberos This IBM Redbook covers the “hot topic tasks” (according to client feedback) related to running the following iSeries Access for Windows, 5722-XE1, capabilities: - Setting up iSeries Access for Windows functions to use Secure Sockets Layer (SSL) support - iSeries Access for Windows functions using Kerberos and IBM Enterprise Identity Mapping (EIM) network authentication capabilities. This information has been updated to include examples of using EIM to map Kerberos principals to OS/400 users. ...etc.
    1,130 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following