PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 07/26/2017 10:41 AM by  Russell Spreeman
LSF 9.0.1.13
 16 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Russell Spreeman
Private
Private
Veteran Member
(128 points)
Veteran Member
Posts:52


Send Message:

--
07/24/2017 4:34 PM
    We are on LSF 9.0.1.12.1241 and may need to add SSH security to our server. I understand that 9.0.1.13 supports SSH. Is that a difficult upgrade from our current version?

    Has anyone added SSH, and does it work with the latest versions of LID seamlessly? Also, has anyone any experience with how well 1.13 works with non-IE browsers, which I believe it supports? Thanks.
    Xin Li
    Private
    Private
    Veteran Member
    (288 points)
    Veteran Member
    Posts:130


    Send Message:

    --
    07/25/2017 10:41 AM
    We are on 9.0.1.13 and using SSH, no issue for LID. 9.0.1.13 won't support non-IE browsers.
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/25/2017 12:12 PM
    So the latest version(s) of LID which have the SSH option in the communications settings work just like expected, nothing special needed to make a connection?



    How difficult is it to put SSH on the server(s)? Our system is hosted and I would like to know what our support people are going to have to do to make it work. Thanks for any further input you have to this.
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    07/25/2017 12:19 PM
    Russell,
    You noted you were hosted. Depending on how you're hosted, will depend on what needs to happen. If you are hosted fully off-site, then first see if SSH just works. If it does not, then you'll have to put in a request with the hosting company's service desk to enable SSH in the operating system. How simple this is for them depends on their deployment model.

    If the systems are hosted on site, and managed by a hosting provider, then your internal systems teams probably have the access to enable SSH for you.
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    07/25/2017 12:22 PM
    ...also, Xin is correct, ESP 14 enables non-IE browsers.

    On the desktop, you will need an SSH set of libraries. I think I recall seeing the info in the LID install guide
    John Henley
    Private
    Private
    Senior Member
    (9563 points)
    Senior Member
    Posts:3205


    Send Message:

    --
    07/25/2017 12:37 PM
    I have done ssh a few times. You install part on server and two files into local lid folder.
    Thanks for using the LawsonGuru.com forums!
    John
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    07/25/2017 1:29 PM
    John, you're right, it is pretty simple, but because he's hosted with v9, the provider may choose to NOT provide that service, for whatever reason.
    I didn't want to make any assumptions in my initial post, since I have no idea how the hosted is providing the service of hosting to his organization.

    Russell, as John says, it is fairly simple to do on the server, as well as the client. If the hosting provider isn't willing to enable it, then press them to do so, for security sake.

    Also, I checked my notes out. You need to be on LID 10.0.7, not 10.0.6. Anything older than 10.0.6 is likely to not include SSH. Version 10.0.6 itself, the SSH works, but has a few serious issues with streamed terminal session output, and tends to crash a lot. Version 10.0.7 still has a few bugs, and can crash in very specific circumstances, I think due to some odd race conditions, if your server is Windows, based on my experiences with it.
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/25/2017 3:42 PM
    Thanks very much to everyone for the input! I appreciate it very much. Our system is Unix (AIX actually) and hosted at Cerner and managed by another company. I got this from the Infor document "Infor Lawson System Foundation 10.0.5.0 - Noteworthy New Enhancements". One section titled "Secure Telnet is now supported", while the main document is about 10.0.5, states "And Infor Lawson System Foundation 9.0.1.13 supports Secure Telnet, too."

    What brings this need about is that we have daily financial files needing to be imported into Lawson from another system. Currently an Open Link server detects that the files exist, it copies them to the Lawson server, and then runs a script to create and run a Lawson job to import them via GL165. Our financial system is going to be changing to an interface that requires the use of SSH. For that reason we need to allow for SSH connectivity.

    I am far from knowledgeable on this topic but I am supposing that the SSH will have to be enabled on our application server which will also necessitate the change to LID 10.0.7 and the install of those DLL files on the local LID client users' machines. I was told early on that Infor didn't support SSH on Lawson but that seems not to be the case after all.

    Any additional information or input would be very much appreciated.
    Kwane McNeal
    Private
    Private
    Veteran Member
    (1197 points)
    Veteran Member
    Posts:399


    Send Message:

    --
    07/25/2017 3:47 PM
    If your system is AIX, usually SSH is enabled. Now, I don't know if the keyrings are configured, but the default one almost always is.

    Now what I don't know is if the hosting provider allows outside connections to port 22, but if they do, you would be able to connect now.
    John Henley
    Private
    Private
    Senior Member
    (9563 points)
    Senior Member
    Posts:3205


    Send Message:

    --
    07/25/2017 4:49 PM
    Posted By Russell Spreeman on 07/25/2017 3:42 PM
    I was told early on that Infor didn't support SSH on Lawson but that seems not to be the case after all.
    Actually, Infor *cloud* doesn't support it for cloud-hosted customers.
    Thanks for using the LawsonGuru.com forums!
    John
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/26/2017 8:13 AM
    Thanks again for more interesting replies. If SSH is a component of AIX then I'm not sure what Lawson / Infor would have to do with - perhaps it's nothing more than the version of LID software that is needed to connect.
    Jeff White
    Private
    Private
    Veteran Member
    (225 points)
    Veteran Member
    Posts:81


    Send Message:

    --
    07/26/2017 8:25 AM
    For what it's worth. We've always used SSH and LID. However, you do have to make an SSH tunnel using Putty first, but then you can use LID like normal.
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/26/2017 8:52 AM
    Is that a one-time process, comparable to opening a port in a firewall? Or is it something that hast to be done on every PC using LID?



    Have you tried the 10.0.7 version of LID which allows for SSH connections in the connection info radio buttons? Thanks.
    Jeff White
    Private
    Private
    Veteran Member
    (225 points)
    Veteran Member
    Posts:81


    Send Message:

    --
    07/26/2017 9:03 AM
    It would have to be done on each PC. It's a onetime setup in Putty, but you would have to login to Putty first, and then open LID and login. It's not a big deal for us, since I'm the only one using LID, and I also use a remote desktop so I stay logged in for weeks/months.

    I'm still using LID 9.0.1, and there's no reason for us to go any further since we are migrating to SAP.
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/26/2017 9:09 AM
    Ugh, most of our Lawson users are on LID, some of them via Citrix so I don't think that Putty deal would go over very well. Hopefully LID 10.0.7 will preclude the need for the Putty step. In our situation I am also not expecting us to do any upgrade beyond 9.0.1 and at this point I'm expecting our system to remain in place until the end of 2018, a long time to limp through with that workaround.

    You wouldn't be interested in installing LID 10.0.7 on one of your PC's and seeing if the SSH settings in it work without using Putty...? I believe there may be a couple of DLL's that have to be dropped into the install directory, if they're not included by default (though they really ought to be).
    Jeff White
    Private
    Private
    Veteran Member
    (225 points)
    Veteran Member
    Posts:81


    Send Message:

    --
    07/26/2017 9:34 AM
    I've downloaded and installed everything it asked for, but the SSH buttons are still grayed out. I haven't done any research into what else I need to do, so you may have to let me know what I'm missing.
    Russell Spreeman
    Private
    Private
    Veteran Member
    (128 points)
    Veteran Member
    Posts:52


    Send Message:

    --
    07/26/2017 10:41 AM
    Thanks - I am looking at all their documentation and going to try and get it on my PC to where it installs. If I get it figured out I'll let you know what it took.

    Do you have any users who connect via ODBC connection to the database, for Crystal Reports or SQL queries? Does SSH have any effect on that?

    Update: I followed the install instructions, went to http://slproweb.com/products/Win32OpenSSL.html
    and I installed the 64 bit version of version 1.0.2L. (There is a version 1.1 but it does not seem to work the same and did not have the proper DLL's.) I let the install put the DLL's into the OpenSSL directory, copied the specified DLL's ssleay.dll and libeay.dll to the Lid program directory, and entered the full path to that directory in quotes in the Lid shortcut in the 'start in' field. Now when I start the program if I have unchecked the 'use defaults' settings, it does in fact show the Open SSH radio button available. Unfortunately it still doesn't let me connect via SSH so evidently it's not on our system yet, however I did find out how to make it work. Perhaps you could give it a shot and see if it negates the need to use the Putty workaround.
    You are not authorized to post a reply.