[Zope] FTP access and ssh-Port-Forward
Fred Yankowski
fred@ontosys.com
Thu, 5 Jun 2003 08:44:49 -0500
On Wed, Jun 04, 2003 at 12:53:14PM -0700, sean.upton@uniontrib.com wrote:
> Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a
> user-preference to do passive transfers (single, client-initiated TCP
> control socket; there is no data connnection), which is reported to do okay
> through SSH TCP socket tunnels, though I have never tested this to Zope...
I have had little success using passive FTP over SSH tunnels. Perhaps
I'm doing something wrong, but even passive FTP uses secondary port
connections to do data transfers; I have not found any way to arrange
tunneling for those secondary connections. If the firewall lets
connections to ports > 1024 go through, then passive FTP over SSH
tunneling can appear to work, but only the control connection is
actually tunneled -- the secondary/data connections are in the clear.
The user/password info is encrypted then, but not the transferred file
data.
--
Fred Yankowski fred@ontosys.com tel: +1.630.879.1312
OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370
www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA