Firewalls and VLANs were invented for that.
You first deny all for a scream test, then start granting access to who
needs it.

JS

El mié, 30 oct 2024 a las 13:07, Rob Berendt (<robertowenberendt@xxxxxxxxx>)
escribió:

Often these are recommendations. And, if you have a written business case
as to why you need SSH connection you can get it.
Here, we have a tool which monitors many of the stuff you can install on
your PC. If you try to install putty you have to write something up and
they contact the tool vendor and get you excepted. Do not believe you can
just download putty yourself, install it and go. I've tried, when I got my
new laptop. It stops it dead. I explained I needed it for HMC
communicating, etc. And I immediately asked and got permission.

Summary: So, apparently it is not uncommon to find sites like this. Most
times it can be overridden if you just can get over the fear of asking and
communicating.

To the best of my knowledge, the main concern with SSH is that it is the
open system version of secure telnet and the preferred tool of those who
like command line access to many pieces of equipment versus the GUI
interface. And is quite easy to script and be used to probe for openings.

On Wed, Oct 30, 2024 at 2:51 PM Richard Schoen <richard@xxxxxxxxxxxxxxxxx>
wrote:

Using SSH with IBM i.

How many of you work in businesses where you're allowing SSH to be used
with tools like VS Code ?

I'm hearing varying opinions because of potential security issues.

Was talking to a large insurance company yesterday and they asked best
way
to secure SSH. Currently they don't allow it so RDI only tool option for
editing.

Also if allowing SSH, what's a good way to monitor SSH connections and
connection attempts ? (I know I've seen SSH be used for DOS attacks
before
on public IBMi systems.)

Would be interesting to see Mapepire and/or codefori server morphed into
an appropriate server that wouldn't require an SSH connect.

I've done connectivity via jt400 in Java and .Net for years before we had
SSH.

I would love to hear your opinions as the hesitation because of system
compromise is real.

Regards,
Richard Schoen
Web: http://www.richardschoen.net<http://www.richardschoen.net/>
Email: richard@xxxxxxxxxxxxxxxxx<mailto:richard@xxxxxxxxxxxxxxxxx>

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.