Thread: Tunnelling FTP

    #1
    Greetings,

    Can anyone point me to a clear net resource, or simply give me instructions, on creating SSH2 tunnels for insecure TCP protocols, specifically FTP? I don't care as much about encrypting the data connection, but I do want to encrypt the control connection.

    I altered my config file, adding the following line:

    LocalForward "ftp/21:my.machine.name:21"

    and restarted my daemon. I was hoping this would automatically encrypt any FTP logins. However, if it is encrypted it's almost too transparent. I can't tell whether it's working or whether the FTP client is going directly to the FTP daemon and bypassing the tunnel.

    My sense is that I'm going about this the wrong way.

    I would simply use sftp but I have users that are on Macs and they need to upload files to our Linux server, and so far I have not found an sftp client for Mac. If there is one, and I've missed it, please let me know. Otherwise, I would like to establish a connection that at least protects my users' passwords from sniffing.

    Thanks,
    Eric Anderson
    #2
    AFAIK tunneling ftp is difficult to do due to ftp utilising passive connections where the server makes a second tcp socket connection back to the client for sending the information.

    Thus you can't just encrypt the incoming ftp connection to socket 21, since the server makes a second connection back to the client which causes problems due to the fact that ports below 1024 are reserved for root setup only and I think ssh needs a port below 1024 to operate thus the host -> client channel cannot be made within the correct port range.

    However I read about this ages ago and things may have changed since then.

    I remember reading in one of the ssh guides that you were advised not to tunnel ftp due to this problem, however I cannot remember whether it was possible but very difficult?
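
Added example, not part of any post in this thread: FTP negotiates its data connection on the control channel (the PORT command and 227 reply of RFC 959, the 229 reply of RFC 2428), so parsing those lines shows which connections a forward of port 21 alone leaves outside the tunnel. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed control-channel lines in RFC 959 / RFC 2428 formats (not captured traffic).
SAMPLE_LINES = [
    "PORT 192,168,1,50,195,80",
    "227 Entering Passive Mode (10,0,0,5,78,52)",
    "229 Entering Extended Passive Mode (|||50001|)",
    "230 Login successful.",
]

_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(line, server_host):
    """Return (mode, host, port) of the data connection a line negotiates, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        # Fields are h1,h2,h3,h4,p1,p2: the port is p1*256 + p2.
        mode = "active" if verb == "PORT" else "passive"
        return (mode, ".".join(map(str, n[:4])), n[4] * 256 + n[5])
    if verb == "229":
        m = _EPSV.search(line)
        if m and int(m.group(1)) <= 65535:
            return ("passive", server_host, int(m.group(1)))  # EPSV reuses the control host
    return None


def outside_tunnel(endpoint, forwarded_ports=(21,)):
    """True if the data connection is not carried by a local forward of forwarded_ports."""
    mode, _host, port = endpoint
    # Active mode: the server dials the client, which a client-side local forward never carries.
    return mode == "active" or port not in forwarded_ports


def report(lines, server_host):
    """Pair each negotiated data endpoint with whether it bypasses the tunnel."""
    out = []
    for line in lines:
        ep = data_endpoint(line, server_host)
        if ep:
            out.append((ep, outside_tunnel(ep)))
    return out


if __name__ == "__main__":
    for ep, exposed in report(SAMPLE_LINES, "10.0.0.5"):
        print(ep, "outside tunnel" if exposed else "inside tunnel")
```
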
    #3
    Replying to my own posts now :-)

    I've just looked into setting up pop3 over secure channels and this can be done using SSL.

    I presume you can do the same for ftp via SSL?

    Have a look at stunnel, which I used for the pop3 encryption (prevents passwords being sent in clear text).

    The URL is www.stunnel.org

    Hope that helps
    #4
    That's great information, muphicks. I was actually trying to figure this out myself, but never thought to post here (thanks Eric!). BTW, did you know you can "edit" your own post?
    Michael