Re: problem: port forwarding, ftp over SSH
From: Ryo Furue (furufuru@ccsr.u-tokyo.ac.jp)
Date: 06/26/02
From: furufuru@ccsr.u-tokyo.ac.jp (Ryo Furue) Date: 25 Jun 2002 20:42:42 -0700
slade@shore.net (Richard E. Silverman) wrote in message news:<m1lk7ooowcd.fsf@syrinx.oankali.net>...
> Include the rest of the FTP output you elided in order to see what's going
> wrong.
Thank you for the response! So, after I typed
$ ssh -L 9999:rhost.some.com:21 -l a01001 rhost.some.com
in a terminal window, I had this in another window:
$ ftp localhost 9999
Connected to localhost.
220 rhost.some.com FTP server (HI-UX/MPP Version 5.60) ready.
Name (localhost:furufuru): a01001
331 Password required for a01001.
Password:
230 User a01001 logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> get hello.txt
local: hello.txt remote: hello.txt
227 Entering Passive Mode (YYY,YY,YYY,YY,9,69)
150 Opening BINARY mode data connection for hello.txt
(xxx.xx.xx.xx,4396) (6 bytes).
226 Transfer complete.
6 bytes received in 0.00 secs (112.7 kB/s)
ftp>
The "$" is the shell prompt. "a01001" is my username on the remote
host. Since I don't want to publish my desktop box's address, I've
mangled it to "xxx.xx.xx.xx". Similarly, I've mangled the remote
host's address to "YYY.YY.YYY.YY" but I've confirmed that this is
really its IP address.
Next, after I typed
$ ssh -L 9999:rhost:21 -l a01001 rhost
I had this:
$ ftp localhost 9999
Connected to localhost.
220 rhost.some.com FTP server (HI-UX/MPP Version 5.60) ready.
Name (localhost:furufuru): a01001
331 Password required for a01001.
Password:
230 User a01001 logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> get hello.txt
local: hello.txt remote: hello.txt
227 Entering Passive Mode (192,168,1,56,9,76)
The ftp command hangs here. While I'm writing this, I notice that the
IP address in the last line is "192.168.1.56". Is this a private
address? Why is that?
The local machine is a Debian Linux 2.2 and ssh says
$ ssh -V
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
The (fictitious) remote domain "some.com" is in the search list of
/etc/resolv.conf. There's no entry for the remote domain in
/etc/hosts. I don't use NIS.
> The FTP protocol is just not amenable to this kind of static
> forwarding; among other things, it carries IP addresses inside the
> protocol, and so can get terribly screwed up in the presence of NAT,
> forwarding, etc.
>
> Note that the SSH port forwarding is working fine in either case; your
> data connections were never going to be protected anyway...
Thanks for the caveat. In fact, that's what we need. We regularly
transfer largish data from the remote host and we are happy with ftp
because it's fast enough (2000KB/s) and because we don't need to
protect our data. But, the remote host's admins have recently decided
that they will allow only SSH connections. Scp is very slow
(300KB/s), and although we don't need to encrypt our data, there's no
way to encrypt only passwords not data with scp.
Thanks again,
Ryo
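
Added example, not part of the original message: a decoder for the two "227 Entering Passive Mode" replies shown above, reporting where the FTP client will open its data connection, whether that target goes through the `ssh -L 9999:...` forwarding, and whether it is an RFC 1918 private address. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the address the poster mangled to YYY.YY.YYY.YY.

```python
import ipaddress
import re

# RFC 1918 private ranges (checked explicitly; see the 192.168.x.x reply above).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "227 <text> (h1,h2,h3,h4,p1,p2)" as defined by RFC 959.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) announced by a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2


def classify(reply, tunnel_ports):
    """Describe where the client will open the data connection."""
    ip, port = parse_pasv(reply)
    return {
        "target": "%s:%d" % (ip, port),
        # Only a loopback target on a forwarded local port rides the tunnel.
        "via_tunnel": ip.is_loopback and port in tunnel_ports,
        # An RFC 1918 target is normally unreachable from outside that network.
        "rfc1918": any(ip in net for net in RFC1918),
    }


if __name__ == "__main__":
    forwarded = {9999}  # local port given to "ssh -L 9999:...:21"
    samples = [
        # Constructed stand-in for the mangled (YYY,YY,YYY,YY,9,69) reply.
        "227 Entering Passive Mode (203,0,113,10,9,69)",
        # Reply from the second session, as posted.
        "227 Entering Passive Mode (192,168,1,56,9,76)",
    ]
    for s in samples:
        print(classify(s, forwarded))
```

In both sessions the announced target is not the forwarded local port, so the data connection is made directly and outside the SSH tunnel; in the second session the target is also an RFC 1918 address, which is consistent with the transfer hanging.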