What happened to FTP over SSH?
I've been a long-time user of SecureFX, and I regularly use FTP over SSH. But it appears that this feature is gone from the latest BETA release of SecureFX!
Our company has a corporate gateway SSH server, and then a number of servers on the "inside" that only run FTP. So I've used FTP over SSH, and it works great!
Now that the feature is removed, what's the alternate mechanism to do this? FTP uses various ports, so it's difficult to know what to set up, up front.
Advice appreciated, thanks ...
[It's strange to see a new version that REMOVES a certain feature ...]
Thanks for your post. There are a couple of reasons why we dropped support for FTP over SSH2. One is that the way it was implemented made it harder for us to add IPv6 support. The other reason is that it was implemented, SFTP wasn't a standard yet, so it was a way to support secure file transfers until the SFTP draft was finalized.
FTP over SSH2 was dropped because our assessment was that not many of our customers were still using it. We will continue to support SecureFX 2.2 for at least another year. Depending on demand, we may add the equivalent functionality back, but so far, we've only had a handful of requests.
SecureCRT 5.0 (and Entunnel 1.2 - not yet out) support dynamic forwarding which allows you to proxy FTP over SSH2. Would this be possible work around for you?
Here is a link to a forum thread with a discussion about FTP over SSH2 that took place about a year ago, if you're interested.
why can't VanDyke release a slimdown version of SecureFX that supports only FTP over SSH2?
i'm responsible for http://negimaki.com/ and i have about 250+ users and increasing by the month which i have recommend SecureFX everytime a user signs up because it works with my setup. the SFTP protocol, which is an option and is widely used by competing OSS products like FileZilla doesn't work well.
i hope you will reconsider releasing such version.
SecueFX 2.2 is available and has FTP over SSH2 support. We will continue to support this version for at least the next 12 months.
Is directing your users to SecureFX 2.2 an option?
basically, this is the default message i send to new account sign-ups for my portal.
"if you need to transfer files using FTP, you must install a client that supports "ftp over ssh2" protocol like SecureFX - download an evaluation copy at http://vandyke.com/download/securefx/index.html. sorry, my SFTP setup at this time is buggy so you can only login via "ftp over SSH2" to perform (secure) file transfers.
i hope SFX 2.2 be available in the coming years, or at least a slimdown version that supports "ftp over ssh2" - on my server, i've disabled direct FTP (port 21) due to random dictionary attacks so the only way for my users to get in is to use client like SecureFX which uses local port forwarding with "ftp over ssh2". sounds like anarchy, but i have to do it. my platform is FreeBSD 4.11 and by default, users "without" a valid login (eg. /sbin/nologin) will render SFTP with a million errors. 99.9% of my users have custom "/usr/local/bin/ftponly" shell. but FTP over SSH2 works great, no problems at all since "inetd" opens port 21 by default so port forwarding isn't a problem.
afaik, no existing OSS projects offer this functionality. only Tectia and SecureFX support it. it works for me and for a lot of my users. i've been thinking of buying multi-site licenses for my users but at this time, it'd be an overkill for my purposes and services.
i have a few dozen users who use Mac OS X and currently don't have an alternative. i think it's a platform you guys should get into because its gaining momentum. i'd recommend SecureFX to them if it worked for Mac OS X but for now, it looks like they're stuck.
I recommend you solve this problem on the system side. From the sound of it, you need to investigate usage of one of the various sftp/scp "only" shells that are available.
There is rssh, chressh, as well as a couple of others (including my sftpsh.c, which is not presently on the web, but which I will gladly send to you).
This "problem" as you've described it sounds like an ideal candidate for one of these restricted access shells. At which point you could support scp/sftp, if the reasons you've given thus far are the only reasons preventing you.
So, I'm willing to look at dynamic forwarding if it works. Today, near as I can tell, it does not.
If I understand what you're saying correctly, this behavior is by design.
You shouldn't need to directly specify the remote host when using the dynamic forwarding option.
Let's say you have machines A, B & C. Machine A runs SecureCRT 5.0 and SecureFX 3.0 . Machine B runs a SSH2 server, but not an FTP server, and does not have SFTP enabled. Machine C runs an FTP server. The goal is to set-up dynamic forwarding so that Machine A can use SecureFX and FTP to get to Machine C, by essentially using the SSH2 server on Machine B as a proxy.
On Machine A, you'll want to have two sessions open - one SecureCRT SSH2 session (Entunnel 1.2 would work as well), and one SecureFX FTP session. In addition, you'll want to create a new Firewall in Global Options/Firewall .
In SecureCRT (on Machine A), you should have a session configured with the following:
name: Local SOCKS5 (this can be any name you like)
port: 9999 (this can be any port as long as it's not in use already)
check: "Dynamic forwarding ..."
Now, in Global Options/Firewall (on Machine A), create your new firewall:
name: SOCKS on localhost (this can be any name you like)
type: SOCKS version 5 (no authentication)
hostname or IP: 127.0.0.1
Finally, in SecureFX (on Machine A), create a session configured with the following:
port: 21 (or whatever port the FTP server runs on on Machine C)
firewall: SOCKS on localhost
So, now, assuming you're connected with the SecureCRT session, and you then attempt to connect with the SecureFX session, you should ultimately land on the FTP server on Machine C.
Here's what the traffic might look like (assuming you have Trace Options enabled in SecureCRT):
Please keep us informed.
|All times are GMT -6. The time now is 08:18 AM.|