Re: Secure Telnet Between i5's ?

[Donald Whittaker <donald_whittaker@xxxxxxxxx>]

   You should be able to specify the port number, at
least from a Windows telnet, a System i telnet, and
from Client Access.  
   I don't think SSL uses a new IP address - I think
it uses an ephemeral port for the connection (that is,
the initial connect request comes across on 992, but
the actual user job ends up on another port number).
   You can shut off port 23 and, as Gary Monnier
suggested earlier, test the telnet exit point to
verify that the traffic is SSL.
   If no one has yet mentioned it, you can use
CWBCOSSL to do some of the System i to PC certificate
work to set up your PC (once you have the certificate
set up on the System i).
  
Thanks,
Don
   
--- David Gibbs <david@xxxxxxxxxxxx> wrote:

> Trevor Perry wrote:
> > From what I know using a secure client, TELNET is
> port 23 and secure
> > TELNET uses another port - most likely 992.
>
> Right ... is that sufficient for telnet though?
>
> A TCP/IP daemon can listen on *ANY* port it wants to
> ... 23 is just the
> standard for telnet (as is 992 for secure telnet).
>
> With FTP there is a parameter to indicate that you
> are initiating a SSL
> FTP (SECCNN).  You can also alter the ports you
> connect to with FTP.
>
> If you were initiating a secure telnet session from
> within i5/os, I
> would expect there to be a parameter indicating that
> a secure connection
> is required.
>
> Unfortunately, I do not have a system with SSL
> enabled to play around
> with at the moment.
>
> david
>
> -- 
> System i ... for when you can't afford to be out of
> business
> --