tunnelling with SSH


spaceboy99
01-28-2003, 09:11 PM
Hello, I was wondering if anyone could help me with a question about using SSH to tunnel FTP. I have already RTFMed, don't worry.

I have two machines -- asuka (ssh) and hal (ftp) -- sitting behind a Linksys router with (a) port 22 forwarded to a machine (asuka) and (b) tunnelling enabled.

I invoke a tunnel on my remote client, thusly:
ssh -L 2121:hal:21 [my-ip-deleted]

I get a login prompt OK, and log in. Then, in another terminal, I say:

ftp localhost 2121

And after puzzling for a few seconds, it gives me an ftp login prompt [the server identifies itself, etc]. I can login just fine, and I can do things like ascii and the server replies that it's now using ascii mode "Type A". But as soon as I try to execute an ls or anything else that requires data to come through, the ftp server barfs, saying that it can't understand the request ("500: EPSV not understood") and then trying passive mode and reporting "500: Illegal PORT command" before dying completely "421 Service Not Available...timed out".

What am I doing wrong? I'm trying FTP first because I thought it would be *easier* than X...argh.

spaceboy99

bastard23
01-28-2003, 11:57 PM
spaceboy99,
The problem is that FTP requires two connections. Here is a link explaining how ftp works (active vs. passive): http://slacksite.com/other/ftp.html Basically, you would have to write a program to translate the port # on the FTP server to another SSH tunnelled port. Why don't you use SFTP, which is part of the openssh distribution?

Good Luck,
chris
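
The two-connection problem described in the post above, as an added example that is not part of the original thread: Python code that reads the data-channel endpoint out of FTP control-channel lines (PASV/PORT per RFC 959, EPSV per RFC 2428) and checks whether that second connection would travel through the `ssh -L` forwards in use. The reply strings, the address 192.168.1.20 for hal, and the function names are constructed for illustration.

```python
import re

# Constructed sample control-channel lines (not captured from the thread).
PASV_REPLY = "227 Entering Passive Mode (192,168,1,20,195,80)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50000|)"
PORT_CMD = "PORT 127,0,0,1,200,13"  # what a client talking to localhost would advertise

LOOPBACK = {"127.0.0.1", "localhost"}

def data_endpoint(line, control_host):
    """Return (initiator, host, port) of the data connection this line sets up."""
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
    if m and line.startswith(("227", "PORT")):
        h1, h2, h3, h4, p1, p2 = map(int, m.groups())
        host, port = f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
        # PASV: the client dials the server. PORT: the server dials the client.
        return ("client" if line.startswith("227") else "server", host, port)
    m = re.search(r"\(\|\|\|(\d+)\|\)", line)
    if m and line.startswith("229"):
        # EPSV carries only a port; the client reuses the control connection's host.
        return ("client", control_host, int(m.group(1)))
    raise ValueError(f"no data endpoint in: {line!r}")

def rides_tunnel(endpoint, forwards):
    """forwards: (local_port, remote_host, remote_port) tuples taken from ssh -L specs."""
    initiator, host, port = endpoint
    if initiator != "client":
        return False  # -L only carries connections opened on the client side
    # The client must dial a loopback port that ssh is actually listening on.
    return host in LOOPBACK and any(lp == port for lp, _, _ in forwards)

def report(forwards, control_host="127.0.0.1"):
    """Map each sample line to (endpoint, whether it would pass through the tunnel)."""
    out = {}
    for line in (PASV_REPLY, EPSV_REPLY, PORT_CMD):
        ep = data_endpoint(line, control_host)
        out[line] = (ep, rides_tunnel(ep, forwards))
    return out

if __name__ == "__main__":
    # The thread's tunnel: ssh -L 2121:hal:21 covers the control channel only.
    for line, (ep, ok) in report([(2121, "hal", 21)]).items():
        print(f"{line!r:55} -> {ep} tunnelled={ok}")
```

With only the `2121:hal:21` forward, none of the three data connections goes through SSH: the PASV address is hal's private address, the EPSV port has no local listener, and the PORT address is loopback as seen from the server.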

MattCauth
01-29-2003, 12:11 AM
Actually - X will be MUCH easier. I would imagine FTP to be very tricky to tunnel, because of the reasons above. If you were to stay on ACTIVE mode it may work with two tunnels open, one on 20 the other on 21. Don't hold me to that - the more I think about it the harder it sounds. At the very least, you'll spend a ton of time working it out. Use scp instead, or tunnel to something cleaner, like an apache instance, just to get your head around it and see how it works.

If your host is set up to accept connections from an X server, it's as easy as ssh-ing in, and running your X command, for example xterm. It should export right up to your client machine.
Matt

spaceboy99
01-29-2003, 12:42 PM
Yes, I know I could probably use SFTP to secure the communication...but another effect I am interested in is the tunnelling. I want to be able to run my entire network with only port 22 forwarded through the firewall. That's why I'm trying to figure out a way to do it with SSH tunnel...

spaceboy99

Crutch
01-29-2003, 03:31 PM
Here's how you do it with proftpd.

http://proftpd.linux.co.uk/localsite/Userguide/linked/config_ftpoverssh.html