Welcome to the VanDyke Software Forums

Join the discussion today!

Go Back   VanDyke Software Forums > Secure Shell

Thread Tools Display Modes
Old 01-30-2006, 09:19 AM
mikeboeck mikeboeck is offline
Registered User
Join Date: Jan 2006
Posts: 1
SSH Tunneling

I am trying to use ssh to connect to and send a file to an FTP server.

For the visually strong people:

Client(A) ---Internet(SSH)---> OpenSSH Server(B)------> FTP Server(C)
WinXp Linux Linux

Client A is outside the corporate firewall. I need to send a file from A to C(which is inside the firewall)
The data being sent must not reside on Server(B), it must be automatically forwarded to FTP(C)

I am new to SSH and SFTP as well as forwarding of data and a step by step guide would be very helpful.

Last edited by mikeboeck; 01-30-2006 at 09:26 AM. Reason: spelling and grammar
Reply With Quote
Old 01-30-2006, 04:07 PM
jjh jjh is offline
VanDyke Customer Support
Join Date: Feb 2004
Posts: 811
Hello Mikeboeck.

It sounds like you might be able to benefit from a client that does dynamic port forwarding, like our SecureCRT client.

If I understand the problem you are trying to solve, there is connectivity between the Windows machine and the OpenSSH server and between the OpenSSH server and the FTP server, but not directly from the Windows machine to the FTP server. You need to be able to get files from the Windows machine to the FTP server without the files ever residing on the OpenSSH server.

Is that correct?

If so, you could solve the problem by port forwarding the FTP traffic through the SSH tunnel. The only problem with that is the fact that normal port forwarding requires you to know exactly which ports you need to forward. The FTP protocol uses port 21 for the Control connection, but a second random port is used for the data connection, which is used to transfer the files. It's because of the use of the random port that you can't do normal port forwarding, but SecureCRT has dynamic port forwarding capability.

The following is an example of how you could configure dynamic port forwarding in SecureCRT to meet your need:
  • Create a session that connects from SecureCRT to the OpenSSH server running on the UNIX machine.
  • In the Session Options for that session open the Port Forwarding category and click the "Add" button.
  • When the "Local Port Forwarding Properties" dialog appears, Enter a name for the port forward. For the purposes of this example, we'll call it "SSHSocks" because we are essentially setting up SecureCRT as a Socks proxy.
  • Configure a local port for SecureCRT to listen on. For this example, let's use port 9080.
  • Enable the "Dynamic Forwarding Using Socks 4 or 5" setting.
  • Click "OK".
  • Now you can connect to that session.

Now you can configure your FTP client to take advantage of the dynamic forward (SOCKS proxy) you just configured. You'll need to configure your FTP client to use PASV mode instead of Port mode. Your FTP client likely has a setting for you to configure a proxy server. The proxy server you need to use is the one you have created with your SecureCRT session, so the proxy server is on localhost (or, port 9080. You can use the hostname or IP address for your FTP server that you would normally use if you were connecting from the OpenSSH server to the FTP server.

If you are using our SecureFX client as your FTP client, you will need to set up the Firewall setting in your Global Options, then make sure that you have chosen that firewall in the Session Options for your session.

With this configuration, all of the FTP traffic will be routed through the secure tunnel that was created when you connected SecureCRT to the OpenSSH server. The OpenSSH server will forward the traffic along to your FTP server.

Does this configuration work for you?

Thank you

Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -6. The time now is 12:53 AM.