Topic # 239569 24-Jul-2018 10:10

Hi, my client uses an application that is a telnet server, and it is connected to by telnet clients that are hand-held barcode scanners running a VT100 terminal emulator. They use these in factories and warehouses to scan boxes as they move about.

 

The clients are located in various locations around the world, and the server is in NZ. They're not happy about the clear text going over the internet for obvious reasons. 

 

So I have half an idea in my head to secure this system and hope someone here can tell me if I'm on the right track: Set up a little SSH server in the remote building, that accepts the local telnet connections. These telnet connections are carried over the building wifi - can't really avoid that with the current scanners they have, but hopefully this wifi can be made secure.

 

The SSH server somehow maintains a secure tunnel to another SSH server within a network in Auckland office that then connects to the telnet server. So the bit that is outside the fence is encrypted SSH and the bits inside are clear text Telnet.

 

Is this how it works? Can they just download SSH and go? 

 

TIA for any tips

 

JohnO

 

 


  Reply # 2061563 24-Jul-2018 10:16

Wouldn't it be simpler to just set up site-to-site VPNs from all the warehouses back to NZ?

 

L2TP with IPsec would mean everything is encrypted - may require different router hardware though I suppose, or perhaps your NZ server could run the VPN server?




  Reply # 2061570 24-Jul-2018 10:21

chevrolux:

 

Wouldn't it be simpler to just set up site-to-site VPNs from all the warehouses back to NZ?

 

L2TP with IPsec would mean everything is encrypted - may require different router hardware though I suppose, or perhaps your NZ server could run the VPN server?

 

 

Hi and thanks - yep that sounds like a good solution and these guys have people who should know about this sort of thing...

 

So this VPN can accept a telnet client and connect it to a telnet server at the other end, and it's all transparent to the client and server?

 

Doesn't my idea do all this anyway? Or is it a bad idea because it relies on bits of software being up and running etc?

 

Cheers

 

 


 
 
 
 


  Reply # 2061598 24-Jul-2018 10:50

kryptonjohn:

 

chevrolux:

 

Wouldn't it be simpler to just set up site-to-site VPNs from all the warehouses back to NZ?

 

L2TP with IPsec would mean everything is encrypted - may require different router hardware though I suppose, or perhaps your NZ server could run the VPN server?

 

 

Hi and thanks - yep that sounds like a good solution and these guys have people who should know about this sort of thing...

 

So this VPN can accept a telnet client and connect it to a telnet server at the other end, and it's all transparent to the client and server?

 

Doesn't my idea do all this anyway? Or is it a bad idea because it relies on bits of software being up and running etc?

 

Cheers

 

 

The issue with trying to tunnel telnet traffic is it would require reconfiguring all the terminals to point to a new end-point.

 

If you ran a VPN, such as OpenVPN, which can easily be set up on low-end routers / Linux boxes with someone who has the right skills, and tunnelled all traffic, that is a seamless solution where only the point-to-point transport over the internet is encrypted. Everything else works the same as it always has.








  Reply # 2061929 24-Jul-2018 20:33

Turns out the handheld units can download and install an SSH client!

 

Still means an SSH server of some sort is required at the server end though...

 

 



  Reply # 2061968 24-Jul-2018 21:51

Do you have enterprise grade firewalls at the sites and your head office?  If so, they should support encrypted tunneling.




  Reply # 2062004 25-Jul-2018 07:05

Yes they do. However after chatting about it a bit more... They may want in future to use far flung 3rd party logistics sites without anything more than Wi-Fi and internet.... In this case they'd need to use SSH on the scanners and some sort of SSH server at the head office.
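The SSH arrangement discussed in this thread (an SSH server at head office, with the telnet session carried inside the encrypted connection) can be locked down so the tunnel account can reach nothing except the telnet server. The following is an added example, not part of any poster's message and not a configuration from the thread; it assumes OpenSSH on both ends, and the account name `scantunnel`, the host `ssh.example.invalid`, the key path and the address `192.0.2.10` are placeholders.

```conf
# ---- Head office: /etc/ssh/sshd_config (OpenSSH server, assumed) ----
# Key-only logins for everyone; no passwords exposed to the internet.
PasswordAuthentication no
PubkeyAuthentication yes

# "scantunnel" is a hypothetical account used only for carrying telnet.
Match User scantunnel
    # Allow client-initiated (local) forwards only, and only to the
    # telnet server. 192.0.2.10 is a placeholder address.
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:23
    # No shell, no terminal, nothing else that could be tunnelled.
    ForceCommand /bin/false
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    GatewayPorts no
    # Drop dead sessions so stale tunnels do not accumulate.
    ClientAliveInterval 30
    ClientAliveCountMax 3

# ---- Remote site: ~/.ssh/config on the gateway box (OpenSSH client) ----
# Start with:  ssh -N ho-tunnel
Host ho-tunnel
    HostName ssh.example.invalid
    User scantunnel
    IdentityFile ~/.ssh/scantunnel_ed25519
    IdentitiesOnly yes
    # Scanners telnet to this listener instead of the NZ server.
    # 127.0.0.1 suits a client on the same device; a shared gateway
    # would bind its LAN address instead, which puts clear-text telnet
    # on the site Wi-Fi as described in the first post.
    LocalForward 127.0.0.1:2323 192.0.2.10:23
    # Fail loudly if the listener cannot be created, and refuse to
    # connect if the server's host key is unknown or has changed.
    ExitOnForwardFailure yes
    StrictHostKeyChecking yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

After editing the server side, `sshd -t` checks the file for syntax errors before the daemon is reloaded.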
