Re: FTP transfer on SSH tunnel
From: Petr Pisar (xpisar_at_fi.muni.cz)
Date: 08/18/05
- Next message: Per Hedeland: "Re: PAM changing user name"
- Previous message: Namit: "Client can't connect to the default port, but can connect to other ports"
- In reply to: Fernando Nachtigall: "FTP transfer on SSH tunnel"
Date: Thu, 18 Aug 2005 17:59:51 GMT
Fernando Nachtigall wrote:
> Folks,
>
> I have a (probably) unusual situation and need your help getting this
> through. Here's the problem:
>
> I have several Windows servers running FTP servers. Those servers are
> used by one UNIX database box, which acts as an FTP client to get and
> send files.
>
> I want to make those transfers safe, and the first thought was to
> migrate the FTP service to SCP. The solution would then require us to
> buy all those Windows FTP servers an SCP/SFTP Server license. Free
> software is not an option (...).
>
> What I want to do is to install an SSH client on my Windows server, and
> establish a tunnel from them to my UNIX server. Then, redirect the FTP
> requisitions started on the UNIX server to use the tunnel and get to
> the correct Windows server, where it comes out the tunnel and is sent
> to the FTP service.
>
> In sum, the FTP server will be the SSH client (creating the tunnel),
> and the FTP client will be the SSH server.
>
> Is it possible? Is that reasonable?
>
Tunneling the FTP protocol is not a good solution because of the two FTP
connections and the sending of TCP/IP addresses in the control connection.
(It is possible to do it, but you need to manipulate the FTP protocol
[port, pasv] commands and replies, or use something like an FTP proxy.)

You should choose another secure protocol, e.g. FTPS (this is something
_else_ than SFTP). In this case standardized SSL/TLS extensions for the FTP
protocol exist. Does the Windows FTP server support it (without additional
licenses)?

Or you have to secure the lower layer under the FTP relation. Use any VPN
solution (IPsec, OpenVPN).
--Petr
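
The reply's point about addresses sent in the control connection, as an added example that is not part of the original thread: it parses the host/port pair announced in a PORT command or a 227 passive-mode reply and lists the data endpoints that a tunnel forwarding only the control port would not cover. The transcript, addresses and forwarded-port set are constructed assumptions.

```python
import re

# Six comma-separated decimal numbers: h1,h2,h3,h4,p1,p2 (RFC 959 host-port).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    # The data port is sent as two bytes: high byte, then low byte.
    return ip, nums[4] * 256 + nums[5]

def outside_tunnel(control_lines, forwarded):
    """List announced data endpoints not covered by the forwarded (ip, port) set."""
    missed = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is not None and ep not in forwarded:
            missed.append(ep)
    return missed

# Constructed control-connection transcript (private addresses, invented names).
SAMPLE = [
    "220 FTP server ready",
    "USER backup",
    "331 Password required",
    "PASV",
    "227 Entering Passive Mode (10,0,0,5,195,80)",
    "RETR report.csv",
    "PORT 192,168,1,20,4,1",
]

# Assumption: the SSH tunnel forwards only the control port to a local listener.
FORWARDED = {("127.0.0.1", 2121)}

if __name__ == "__main__":
    for ip, port in outside_tunnel(SAMPLE, FORWARDED):
        print(f"data connection to {ip}:{port} would bypass the tunnel")
```
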