RE: Secure connection between Win2k and NT4?

From: Bob Apthorpe (boba@admin.stedwards.edu)
Date: 08/16/02


From: "Bob Apthorpe" <boba@admin.stedwards.edu>
To: focus-ms@securityfocus.com
Date: Fri, 16 Aug 2002 16:40:55 -0500

Hi,

On 16 Aug 2002 at 13:15, Tosh, Michael J (N-Joule) wrote:

> The actions that you speak of are only for authentication. The actual
> session, once established, is sent via plain FTP. SSH isn't a tunnel,
> it is a secure remote shell. I don't want to sound like I'm correcting
> you, I am just suggesting what I BELIEVE is happening. Not that smart.
> Yet.

Use ssh port forwarding (pardon the linewrap on this):

ssh -L 8181:remoteserver.example.com:80 \
myaccount@remoteserver.example.com

This will tunnel traffic directed at localhost:8181 to
remoteserver.example.com:80 and the traffic will be encrypted between
the two points (unless you find some magical way of turning it off
via options to ssh or sshd; confirm this with Ethereal or an
equivalent protocol analyzer.)

So, provided you set FTP to passive mode and are running sshd on the
remote machine, the following should give you someplace to start:

ssh -L 10021:remoteserver.example.com:21 \
myaccount@remoteserver.example.com

If you can convince your local FTP client to connect to
localhost:10021, you should be ok.

Caveat: I've tested the local:8181 -> remote:80 between a local XP
box running Cygwin (http://www.cygwin.com) and a remote Linux box
(SuSE 7.2); I have not tested FTP through the tunnel nor running
Cygwin's sshd on the XP box (one note - /etc/sshd_config seems to be
missing...)

If you're not wed to FTP, use scp instead. For extra credit, take a
look at ssh-agent and ssh-add if you want secure, mostly-passwordless
access.

hth,

-- Bob
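
Added example, not part of the original message: an `ssh -L` forward carries one TCP port, so the 10021 forward above covers only the FTP control connection. This sketch parses the server's passive-mode reply (RFC 959 `227`, RFC 2428 `229`) and reports where the client would open the data connection; the function names, sample replies and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
import re

# 227 reply (RFC 959): six decimal bytes h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (RFC 2428): (<d><d><d>port<d>), no address; client reuses control host
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) where the client will open the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError("PASV field out of range: %r" % reply)
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("EPSV port out of range: %r" % reply)
        return control_host, port
    raise ValueError("not a passive-mode reply: %r" % reply)


def classify(reply, local_forwards, control_host="127.0.0.1"):
    """Classify the data connection relative to the ssh -L forwards.

    local_forwards: set of local ports given to ssh -L. Assumption: a forward
    on a local port points at the same port number on the FTP server.
    control_host must be an IP literal (the client connected to the tunnel).
    """
    host, port = data_endpoint(reply, control_host)
    if ipaddress.ip_address(host).is_loopback:
        return "tunnelled" if port in local_forwards else "no-listener"
    return "direct-cleartext"  # leaves the tunnel; visible to a sniffer


if __name__ == "__main__":
    forwards = {10021}  # ssh -L 10021:remoteserver.example.com:21 ...
    for reply in ("227 Entering Passive Mode (192,0,2,10,195,80)",   # constructed
                  "229 Entering Extended Passive Mode (|||6446|)"):  # constructed
        print(reply, "->", data_endpoint(reply, "127.0.0.1"),
              classify(reply, forwards))
```

A `direct-cleartext` result means file contents and directory listings travel outside the SSH session even though the login on port 10021 is encrypted, which a capture in a protocol analyzer will confirm.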


