How to Secure Telnet with SSL for your IBM servers
Telnet is a way to remotely log into another computer, provided that the said computer is in the same network, through a TCP/IP connection. IBM server allows for Telnet connection, however, Telnet is not an encrypted protocol, which means that there is little security while you are using telnet to connect machines.
Thus, while Telnet is useful, it is also necessary to secure it so that it is safe to use and there is no chance of leaking or loss of data. Telnet connections can be secured using SSL.
What is SSL?
SSL stands for Secure Sockets layer. It is a method of providing encryption in connections between a server and a client—they can be either web servers/ web client or mail servers/ mail clients.
SSL encryption keeps all the data that is being transferred private. Thus, even if sensitive information is exchanged, SSL will ensure that it remains confidential.
Using SSL for Telnet connections for your IBM servers
While Telnet sometimes allows secure connections as well, it also has unsecured connections. With the use of SSL you ensure that only secure connections are made when you telnet to another machine.
If you plan to use SSL for Telnet, you will need to have a digital certificate configured by the Digital Certificate Manager. Then, after this, you can disable all the non-SSL sessions in order to maintain a secure Telnet connection.
Requirements for using SSL
There are a few things you need to already have present in your servers before you start using SSL for Telnet connections.
- An IBM Digital Certificate Manager (DCM) to help configure your digital certificate as mentioned above. Note that if you are using the HTTP server when you are using the DCM, you will need to have a IBM Developer Kit for Java installed as well.
- You should have the IBM TCP/IP connectivity active and present.
- Have the IBM HTTP server installed.
- If you want, you can have additional cryptographic hardware installed as well, to use with SSL. For this, you need the IBM CCA Service Provider and IBM Cryptographic Device Manager additionally installed. However, this step is optional.
Steps to configure SSL successfully
There are two things to keep in mind while using SSL with Telnet.
- You need to make sure that your system can use SSL.
- You need to make sure that client systems can participate in these SSL encrypted Telnet sessions.
Configuring your own servers so that they can use SSL
- Removing Port Restrictions
The first thing you need to do is remove any port restrictions that might be present. Now that you are going to be using SSL, these restrictions are no longer needed.
To remove this, go to: system> network. Select Properties after right clicking on TCP/ IP configuration. In the Port restrictions tab, select the restriction you want to remove, click remove and then click ok.
- Creating Certificate Authority
For this, you need to start the Digital Certificate Manager and select “Create a Certificate Authority.”
After this, you need to fill up a form to have the CA generated. Make sure that you read and follow instructions carefully in order to put in the correct information in the forms. Successful completion of this step ensures that you can use the digital certificates issued.
- Configuring Telnet server
This step ensures that client authentication will be done with the help of the certificates.
For this, you need to start DCM and select system as your certificate store. Now go to Manage Applications> Update Application Definition> Server Application and click continue. Then select i5/OS TCP/IP Telnet Server and click Update Application Definition.
Next click on yes> apply, and finally, done.
- Starting SSL on Telnet server
To enable this go to systems> network> servers> TCP/IP and right click on Telnet. In properties select the General Tab. Now choose the Secure Only option to allow only SSL connections on Telnet.
Making sure that clients can use Telnet systems
Now that you have configured SSL for your server, you need to make sure that the client is able to recognize these encrypted sessions. For this, the client machine needs to accept the certificate presented for the SSL session.
For this, a copy of the certificate should be there in the client machine. To add this, go to i-series navigator and select your system name.
Now go to properties> secure sockets and click download. Enter the password and confirm it by clicking “ok”.
Now, after this, you need to enable the telnet client to present a valid certificate. For this, start DCM. Go to create certificate> user certificate and click continue. Now fill up the form as guided. After the form is filled, install the certificate using “Install Certificate.”
For importing this certificate go to Start > Programs > IBM iSeries Access for Windows > iSeries Access for Windows Properties> Secure sockets. Here click on IBM Key Management. Select personal certificates> import and finally click ok after you have entered the file name and file path of the certificate.
To end a session, follow the instructions here.
Following the above steps will ensure that SSL for Telnet is configured without any problems for your IBM servers. If you do run into an error, you can contact IBM support.
Note; although we strive to ensure all information listed here is accurate. We cannot guarantee the precision of all the information and request you validate all information directly with IBM and IBM.com. If you have any further questions, would like technical assistance or would like discount pricing on any new, used or refurbished IBM server equipment, please contact us. A helpful Greentec Geek is more than happy to assist!
Keywords: IBM server, refurbished ibm server, price quote ibm, how to ibm, used ibm server, discount price