SSH – secure shell uses public key encryption and is a secure replacement for telnet.
SFTP – secure FTP is a secure replacement for FTP; FTPES – ftp over explicit SSL is another secure file transport protocol.
You will need to be sure you have clients capable of supporting these protocols.
The simple answer is that you have two alternatives: (1) don’t use telnet and ftp, or (2) create a secure tunnel such as VPN or by protocols as noted by Labnuke99 above.
For telnet, easiest is simply not to use TN5250, but use TN5250E instead. Set the connections to “bypass signon” and force SIGNOFF to use ENDCNN(*YES).
For most terminal emulator usage, it isn’t that passwords are sent in the clear. The problem is that you’re using the standard signon panel to enter your password into. Standard display file records are sent in the clear, and the standard signon panel is just another display file record. So don’t use it. Skip it at signon and don’t allow it to redisplay at signoff. If you don’t let it display, it won’t be used.
TN5250E can send encrypted passwords as part of making the connection, thereby eliminating the need ever to display the signon panel. You tell the connection to “bypass signon” when you configure the TN5250E session.
For ftp,… well, ftp has nothing to do with iSeries Access. They are totally unrelated as far as products go. However, the native i5/OS ftp server supports FTPS at V5R4 or higher. Or you can install product 5733-SC1 — IBM Portable Utilities for i5/OS.
For a FTPS client, you might try FileZilla, the free FTP solution.