September 17, 2009
I've got a program that insists on using ftp (which I won't allow due to cleartext passwords), or ftps (which my host doesn't support).
I want to tunnel ftp through SSH, and I'm in the trial period for Meerkat. Haven't had much luck with it.
I understand that ftp uses a control and a data channel, and that it's an unusual tunneling situation. I need to have the password passed through an encrypted channel, the data is a nice-to-have.
I've currently got the following command-line tunnel working:
sudo ssh -L 21:server.somehost.net:21 -p [alternate SSH port on somehost] -l somehostuser -N server.somehost.net
The plan is then to point local DNS lookups for somehost.net to localhost by using the /etc/hosts file. This is a solution I'd turn on for as long as I'd need it (minutes to hours in a session).
Is there a way to do something like this with Meerkat, and if so, can you provide a little detail? Is there a way to tunnel the data channel too?
Thanks!
September 17, 2009
#1
I can look into FTP
I can look into FTP specifically, but I think that there might be a problem right off the bat, given that Meerkat does not yet support privileged ports, i.e., ports below 1024. So if you want to try to fool an app that is stuck doing FTP and the port is not changeable from 21, Meerkat won't work in that scenario, at least not at present.
February 23, 2010
#2
FTP over SSH
FTP requires that a machine be able to dynamically open a port for a data connection. To my knowledge SSH itself does not even support tunneling FTP, and does not provide the ability to dynamically open extra tunnels. If you can run your FTP client over a SOCKS Proxy, you could try and use the Dynamic forwarding option in Meerkat (I have not tried this though, nor do I know if SOCKS supports it).
Alternatively most SSH servers include SFTP functionality. This allows an FTP like interface for transferring files through SSH. This might work for you if your SSH server and your FTP server are the same machine. This option in supported by FileZilla, WinSCP, Fugu, and many other clients. This wouldn't require a Meerkat tunnel at all.
Can your application support SFTP or SOCKS? What about encapsulating the application in Sockisfy to force it to use a SOCKS Proxy?
Want to join the forums? Create an account or login.
