Announcement
TLS/SSL Encrypted Connection for Horizons Command-line Interface
A new TLS/SSL encrypted and PKI authenticating port option is available for the Horizons command-line interface, port 6770.
The new port is intended for those who use the terminal as a manual command-line interface but who may be institutionally required to use encrypted and authenticated connections.
The new service port also addresses firewall issues since it can be multiplexed with any other outgoing TLS/SSL service that is already approved, such as browser traffic on port 443. This avoids the need to define and carry forward institutional firewall exceptions for Horizons telnet terminals.
Using the new encrypted terminal port requires installing open-source stunnel software on the user’s machine.
See documentation here for details:
The clear-text port 6775 will remain (telnet ssd.jpl.nasa.gov 6775).
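As an added illustration (not taken from the Horizons documentation or its scripts), a minimal stunnel client service for the encrypted port could look like the following. The service name, the local listening address and port, and the CA bundle path are assumptions; the host name and port 6770 come from this announcement.

```ini
; Constructed example: stunnel client service for the Horizons encrypted
; terminal port. Not the project's published configuration.

[horizons]
; Run this service in client mode: accept clear text locally, speak TLS outward.
client = yes

; Local endpoint the telnet client connects to (assumed; loopback only,
; so the clear-text leg never leaves the machine).
accept = 127.0.0.1:6775

; Horizons TLS/SSL port named in the announcement.
connect = ssd.jpl.nasa.gov:6770

; stunnel does not validate the server certificate unless told to.
; Without these lines the link is encrypted but not authenticated.
verifyChain = yes
checkHost = ssd.jpl.nasa.gov

; System CA bundle (assumed Debian/Ubuntu path; differs on other systems).
CAfile = /etc/ssl/certs/ca-certificates.crt
```

With stunnel running under this configuration, a telnet session opened to 127.0.0.1 port 6775 is carried to the server over TLS. If certificate verification fails, stunnel refuses the connection rather than falling back to clear text.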
FIREWALL OPTIONS
The new encryption interface can help with terminal port firewall issues since it supports connection using any open outgoing local port on the client system, such as those already approved for TLS/SSL traffic, which can be multiplexed: ports 443, 992, 465, and 563, for example.
This may be more institutionally feasible or robust than setting up firewall exceptions for terminal connections and carrying them forward. The TLS/SSL and PKI authentication methods and traffic with the new interface are identical to those of web browsers and other already-approved TLS/SSL ports.
See section 7 of the above documentation for details and check with local IT support for the preferred approach.
TRANSITION TO API
It is recommended that automation currently using terminal ports via scripting be reworked to use the more recent API/URL interface. See Horizons API documentation.
Advantages of the API interface for automation include:
- no need to have the ‘expect’ interpreter or stunnel application installed on your machine,
- more robust as the Internet evolves and other protocols are restricted,
- future development for enhanced automation (JSON output, etc.) will be implemented through the API first (and probably only).
The terminal interfaces on ports 6775 (clear) and 6770 (encrypted) are primarily for non-automated interaction (as is the browser interface): those who prefer to type, do quick look-ups, or be actively prompted through request set-up. However, the terminal interface does demand fewer resources from the server and client.
TERMINAL AUTOMATION SCRIPTS UPDATED
For users who have previously automated the terminal interface using the example scripts we provided, updated versions are available.
See internal comments to activate encrypted port usage, if you have set up an stunnel client. This amounts to uncommenting one line.
The updated scripts are transitional support for users who have prior versions embedded in their automation and for whom immediate redevelopment to use the API isn’t an option. Keyboard warriors may also use them as macros.
Regardless of whether the encrypted or clear-text terminal option is used, the anonymous FTP file transfer has been replaced in the new scripts with a self-contained HTTPS transfer. NASA has deprecated anonymous FTP and, if it is removed from the Horizons server, the old scripts will stop working. So at the very least, update to use the new drop-in scripts to avoid breakage.