LSF 9.0.1.13

Sort:
You are not authorized to post a reply.
Author
Messages
Russell Spreeman
Veteran Member
Posts: 61
Veteran Member
    We are on LSF 9.0.1.12.1241 and may need to add SSH security to our server. I understand that 9.0.1.13 supports SSH. Is that a difficult upgrade from our current version?

    Has anyone added SSH, and does it work with the latest versions of LID seamlessly? Also, has anyone any experience with how well 1.13 works with non-IE browsers, which I believe it supports? Thanks.
    Xin Li
    Veteran Member
    Posts: 133
    Veteran Member
      We are on 9.0.1.13 and using SSH, no issue for LID. 9.0.1.13 won't support non-IE browsers.
      Russell Spreeman
      Veteran Member
      Posts: 61
      Veteran Member
        So the latest version(s) of LID which have the SSH option in the communications settings work just like expected, nothing special needed to make a connection?



        How difficult is it to put SSH on the server(s)? Our system is hosted and I would like to know what our support people are going to have to do to make it work. Thanks for any further input you have to this.
        Kwane McNeal
        Veteran Member
        Posts: 479
        Veteran Member
          Russell,
          You noted you were hosted. Depending on how you're hosted, will depend on what needs to happen. If you are hosted fully off-site, then first see if SSH just works. If it does not, then you'll have to put in a request with the hosting company's service desk to enable SSH in the operating system. How simple this is for them depends on their deployment model.

          If the systems are hosted on site, and managed by a hosting provider, then your internal systems teams probably have the access to enable SSH for you.
          Kwane McNeal
          Veteran Member
          Posts: 479
          Veteran Member
            ...also, Xin is correct, ESP 14 enables non-IE browsers.

            On the desktop, you will need an SSH set of libraries. I think I recall seeing the info in the LID install guide
            John Henley
            Senior Member
            Posts: 3348
            Senior Member
              I have done ssh a few times. You install part on server and two files into local lid folder.
              Thanks for using the LawsonGuru.com forums!
              John
              Kwane McNeal
              Veteran Member
              Posts: 479
              Veteran Member
                John, you're right, it is pretty simple, but because he's hosted with v9, the provider may choose to NOT provide that service, for whatever reason.
                I didn't want to make any assumptions in my initial post, since I have no idea how the hosted is providing the service of hosting to his organization.

                Russell, as John says, it is fairly simple to do on the server, as well as the client. If the hosting provider isn't willing to enable it, then press them to do so, for security sake.

                Also, I checked my notes out. You need to be on LID 10.0.7, not 10.0.6. Anything older than 10.0.6 is likely to not include SSH. Version 10.0.6 itself, the SSH works, but has a few serious issues with streamed terminal session output, and tends to crash a lot. Version 10.0.7 still has a few bugs, and can crash in very specific circumstances, I think due to some odd race conditions, if your server is Windows, based on my experiences with it.
                Russell Spreeman
                Veteran Member
                Posts: 61
                Veteran Member
                  Thanks very much to everyone for the input! I appreciate it very much. Our system is Unix (AIX actually) and hosted at Cerner and managed by another company. I got this from the Infor document "Infor Lawson System Foundation 10.0.5.0 - Noteworthy New Enhancements". One section titled "Secure Telnet is now supported", while the main document is about 10.0.5, states "And Infor Lawson System Foundation 9.0.1.13 supports Secure Telnet, too."

                  What brings this need about is that we have daily financial files needing to be imported into Lawson from another system. Currently an Open Link server detects that the files exist, it copies them to the Lawson server, and then runs a script to create and run a Lawson job to import them via GL165. Our financial system is going to be changing to an interface that requires the use of SSH. For that reason we need to allow for SSH connectivity.

                  I am far from knowledgeable on this topic but I am supposing that the SSH will have to be enabled on our application server which will also necessitate the change to LID 10.0.7 and the install of those DLL files on the local LID client users' machines. I was told early on that Infor didn't support SSH on Lawson but that seems not to be the case after all.

                  Any additional information or input would be very much appreciated.
                  Kwane McNeal
                  Veteran Member
                  Posts: 479
                  Veteran Member
                    If your system is AIX, usually SSH is enabled. Now, I don't know if the keyrings are configured, but the default one almost always is.

                    Now what I don't know is if the hosting provider allows outside connections to port 22, but if they do, you would be able to connect now.
                    John Henley
                    Senior Member
                    Posts: 3348
                    Senior Member
                      Posted By Russell Spreeman on 07/25/2017 3:42 PM
                      I was told early on that Infor didn't support SSH on Lawson but that seems not to be the case after all.
                      Actually, Infor *cloud* doesn't support it for cloud-hosted customers.
                      Thanks for using the LawsonGuru.com forums!
                      John
                      Russell Spreeman
                      Veteran Member
                      Posts: 61
                      Veteran Member
                        Thanks again for more interesting replies. If SSH is a component of AIX then I'm not sure what Lawson / Infor would have to do with - perhaps it's nothing more than the version of LID software that is needed to connect.
                        Jeff White
                        Veteran Member
                        Posts: 83
                        Veteran Member
                          For what it's worth. We've always used SSH and LID. However, you do have to make an SSH tunnel using Putty first, but then you can use LID like normal.
                          Russell Spreeman
                          Veteran Member
                          Posts: 61
                          Veteran Member
                            Is that a one-time process, comparable to opening a port in a firewall? Or is it something that hast to be done on every PC using LID?



                            Have you tried the 10.0.7 version of LID which allows for SSH connections in the connection info radio buttons? Thanks.
                            Jeff White
                            Veteran Member
                            Posts: 83
                            Veteran Member
                              It would have to be done on each PC. It's a onetime setup in Putty, but you would have to login to Putty first, and then open LID and login. It's not a big deal for us, since I'm the only one using LID, and I also use a remote desktop so I stay logged in for weeks/months.

                              I'm still using LID 9.0.1, and there's no reason for us to go any further since we are migrating to SAP.
                              Russell Spreeman
                              Veteran Member
                              Posts: 61
                              Veteran Member
                                Ugh, most of our Lawson users are on LID, some of them via Citrix so I don't think that Putty deal would go over very well. Hopefully LID 10.0.7 will preclude the need for the Putty step. In our situation I am also not expecting us to do any upgrade beyond 9.0.1 and at this point I'm expecting our system to remain in place until the end of 2018, a long time to limp through with that workaround.

                                You wouldn't be interested in installing LID 10.0.7 on one of your PC's and seeing if the SSH settings in it work without using Putty...? I believe there may be a couple of DLL's that have to be dropped into the install directory, if they're not included by default (though they really ought to be).
                                Jeff White
                                Veteran Member
                                Posts: 83
                                Veteran Member
                                  I've downloaded and installed everything it asked for, but the SSH buttons are still grayed out. I haven't done any research into what else I need to do, so you may have to let me know what I'm missing.
                                  Russell Spreeman
                                  Veteran Member
                                  Posts: 61
                                  Veteran Member
                                    Thanks - I am looking at all their documentation and going to try and get it on my PC to where it installs. If I get it figured out I'll let you know what it took.

                                    Do you have any users who connect via ODBC connection to the database, for Crystal Reports or SQL queries? Does SSH have any effect on that?

                                    Update: I followed the install instructions, went to http://slproweb.com/products/Win32OpenSSL.html
                                    and I installed the 64 bit version of version 1.0.2L. (There is a version 1.1 but it does not seem to work the same and did not have the proper DLL's.) I let the install put the DLL's into the OpenSSL directory, copied the specified DLL's ssleay.dll and libeay.dll to the Lid program directory, and entered the full path to that directory in quotes in the Lid shortcut in the 'start in' field. Now when I start the program if I have unchecked the 'use defaults' settings, it does in fact show the Open SSH radio button available. Unfortunately it still doesn't let me connect via SSH so evidently it's not on our system yet, however I did find out how to make it work. Perhaps you could give it a shot and see if it negates the need to use the Putty workaround.
                                    You are not authorized to post a reply.