Using The Ssh Client To Create An Ftp Port Forwarding Daemon - HP NonStop SSH 544701-014 Reference Manual

Using the SSH client to create an FTP port forwarding daemon

To tunnel FTP connections through a SSH connection, the SSH implementation must apply additional logic to ensure
that the data port is also encrypted. The following example shows the encryption of an FTP connection between two
NonStop systems by tunneling it over an SSH session.
The example is based on the following assumptions:
•
An SSH2 daemon is installed on the remote NonStop system with Port forwarding allowed. That requires the
parameter ALLOWTCPFORWARDING to be set to true.
•
The IP address on the remote NonStop system is 10.0.0.198. FTPSERV is configured through PORTCONF to
take connections coming in on port 21 on that IP stack
•
A guardian user named COMF.TB exists on the remote system
Starting FTP port forwarding on the client system
The following command will start a FTP port forwarding daemon on the client system
$TB TBSSH79 16> run ssh -S $TBS79 -N -L ftp/2121:127.0.0.1:21 comf.tb@10.0.0.198
comForte SSH client version T9999H06_16Apr2008_comForte_SSH_0079
You have no private keys in the key store.
Trying password authentication.
Enter comf.tb@10.0.0.198's password:
The client will not be active before the password is given at the prompt. The port forwarding client listens for incoming
connections on port 2121. 127.0.0.1:21 is the IP address/port of FTPSERV on the remote system from the perspective of
the remote NonStop host. The "ftp/" string after the –L tells the SSH client to use additional FTP forwarding logic.
Connecting to the port forwarding client with a FTP client
The following command sequence will direct local FTP traffic to the port forwarding daemon and in effect create an
encrypted FTP session between the two systems:
$TB TBSSH79 2> ftp 127.0.0.1 2121
FTP Client - T9552H02 - (16APR2008) - COPYRIGHT TANDEM COMPUTERS INCORPORATED 2007
Connecting to 127.0.0.1.........Established.
220 NPS762A FTP SERVER T9552G07 (Version 3.x TANDEM 30NOV2005) ready.
Name (127.0.0.1:user): comf.tb
331 Password required for COMF.TB.
Password:
230 User COMF.TB logged in.
ftp> dir
200 command successful
150 Opening data connection for /bin/ls (127.0.0.1,4519d) (0 bytes).
total 9662
drwxrwxrwx 1 COMF.TB
drwxrwxr-x 1 SUPER.SUPER
-rw------- 1 COMF.TB
-rw-rw-rw- 1 COMF.TB
-rw-rw-rw- 1 COMF.TB
-rwxrwxrwx 1 COMF.TB
-rw------- 1 COMF.TB
-rw------- 1 COMF.TB
drwx------ 1 COMF.TB
-rw------- 1 COMF.TB
-rw-rw-rw- 1 COMF.TB
-rwxrwxrwx 1 COMF.TB
-rw-rw-rw- 1 SUPER.SUPER
drwxrwxrwx 1 SUPER.SUPER
-rw-rw-rw- 1 COMF.TB
-rwxr-xr-x 1 COMF.TB
-rwxrwxrwx 1 COMF.TB
drwxrwxrwx 1 COMF.TB
drwxrwxrwx 1 COMF.TB
-r-xr-xr-x 1 SUPER.SUPER
-rwxrwxrwx 1 COMF.TB
202 • SSH and SFTP Client Reference
OSS API enabled
COMF 4096 Jun 25 13:08 .
SUPER 4096 Jul 03 20:43 ..
COMF 5430 May 08 16:40 .bash_history
COMF 1714 Sep 16
COMF 3480 Aug 29
COMF 141 Jan 06
COMF 569 Jan 03
COMF 1100 May 08 16:40 .sh_history
COMF 4096 Nov 02
COMF 3116 Jan 08
SUPER 15 Oct 20
COMF 15000 Oct 24
SUPER 2722667 Aug 29
SUPER 4096 Oct 13
COMF 699 Oct 24
COMF 27064 Jun 25 13:08 file0,0,1,1,1
COMF 244 Oct 24
COMF 4096 Apr 25
COMF 4096 Jan 08
SUPER 389152 Mar 03
COMF 128 Mar 28 06:35 rc0071
2004 .bashrc
2007 .exrc
2008 .profile
2007 .profile_fh
2004 .ssh
2008 .viminfo
2004 .vimrc
2007 a.out
2007 abc
2004 bashtest
2007 block.c
2007 fixmore
2006 gnumisc
2008 hertz
2005 ls
HP NonStop SSH Reference Manual