Secure Sockets Layer for secure Telnet access

You can configure your Telnet server to use the Secure Sockets Layer (SSL) to secure Telnet communications sessions.

To configure your Telnet server to use SSL, you must use Digital Certificate Manager (DCM) to configure the certificate that the Telnet server uses. By default, the Telnet server handles both secure and non-secure connections. However, you can configure Telnet so that it allows only secure Telnet sessions. Additionally, you can configure the Telnet server to use digital certificates for stronger client authentication.

When you choose to use SSL with Telnet, you gain some strong security benefits. Besides authenticating the server, SSL encrypts the data before any Telnet protocol data flows. After the SSL session is established, all Telnet protocol traffic, including the user ID and password exchange, is encrypted.

The most important factor to consider when using the Telnet server is the sensitivity of the information that you use in a client session. If the information is sensitive or private, then you may find it beneficial to set up your Telnet server using SSL. When you configure a digital certificate for the Telnet application, the Telnet server is able to operate with both SSL and non-SSL clients. If your security policy requires that you always encrypt your Telnet sessions, you can disable all non-SSL Telnet sessions. When you have no need for the SSL Telnet server, you can turn off the SSL port. You control the use of SSL for Telnet sessions with the Allow Secure Socket Layer (ALWSSL) parameter of the Change Telnet Attributes (CHGTELNA) command. To ensure that no applications can use the SSL or non-SSL port, as appropriate, you can also restrict that port by using the Add TCP/IP Port Restriction (ADDTCPPORT) command.
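The following CL commands show the two policies described above. They are an added example, not taken from the original topic. Assumptions: the non-SSL Telnet port is the default 23 and the SSL Telnet port is the default 992, PORTOWNER is a hypothetical placeholder for a protected user profile that runs no applications, and the Telnet server is restarted so that it picks up the changed attribute.

```cl
/* Starting point (default behavior): the Telnet server accepts both  */
/* SSL and non-SSL sessions.                                           */
/*   CHGTELNA ALWSSL(*YES)                                             */

/* Policy A: always encrypt Telnet sessions.                           */
/* Accept SSL sessions only, so no non-SSL session can be started.     */
CHGTELNA ALWSSL(*ONLY)

/* Reserve the unused non-SSL port for a protected profile so that no  */
/* other application can use it.                                       */
/* Assumption: 23 is the non-SSL Telnet port on this system.           */
/* PORTOWNER is a hypothetical placeholder profile name.               */
ADDTCPPORT PORT(23) PROTOCOL(*TCP) USRPRF(PORTOWNER)

/* Policy B (use instead of A): the SSL Telnet server is not needed.   */
/* Turn off the SSL port and reserve it in the same way.               */
/* Assumption: 992 is the SSL Telnet port on this system.              */
/*   CHGTELNA ALWSSL(*NO)                                              */
/*   ADDTCPPORT PORT(992) PROTOCOL(*TCP) USRPRF(PORTOWNER)             */

/* Restart the Telnet server so that it runs with the new ALWSSL value.*/
ENDTCPSVR SERVER(*TELNET)
STRTCPSVR SERVER(*TELNET)
```

Policy A still requires that a certificate has been assigned to the Telnet server in DCM; without one, SSL clients cannot connect.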

To learn more about Telnet and about security tips for Telnet with and without SSL, see the IBM® Systems Software Information Center topic on Telnet, which provides the information that you need to use Telnet on your i5/OS operating system.