I have a FTP server behind my firewall. Thanks to Tom it works. Next I would like protect the username and password. With out a firewall. I would just create a SSH user on the firewall and connect. I think the easiest way is to do this is to forward port 22 to my ftp server. Is there a way to have the firewall handle the ssh session and forward the rest of the packet to the ftp server. This would allow the ftp server to handle connections as normal without having to deal with the ssh part. What would be the best practice to secure the name and password? All other data is encrypted prior to transmision. __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com
Why do you want to do that ? If it''s for yourself being secured, SSH can handle SCP and SFTP directly, you just need a client for that (winscp is free, under linux there''s native clients scp and sftp). Else you have to tunneling FTP. By default (without changing anything) the client securefx from Vandyke can do the job (ftp over ssh). If you want to use your usual FTP client, you have to make a tunnel between your station and the server by using SSH for Windows (if you are under windows). After you need to redirect you''re local ftp port to your local ssh port and respectively on the server. (I''m not very confident with tunneling over ssh, but check for tunneling on google, I really prefer to use sftp) Jerome. ----- Original Message ----- From: DeAngelo Rios <deangelo_nin@yahoo.com> To: <shorewall-users@shorewall.net> Sent: Wednesday, August 28, 2002 9:20 AM Subject: [Shorewall-users] SSH ?> I have a FTP server behind my firewall. Thanks to Tom > it works. Next I would like protect the username and > password. With out a firewall. I would just create a > SSH user on the firewall and connect. I think the > easiest way is to do this is to forward port 22 to my > ftp server. > > Is there a way to have the firewall handle the ssh > session and forward the rest of the packet to the ftp > server. This would allow the ftp server to handle > connections as normal without having to deal with the > ssh part. > > What would be the best practice to secure the name and > password? All other data is encrypted prior to > transmision. > > __________________________________________________ > Do You Yahoo!? > Yahoo! Finance - Get real-time stock quotes > http://finance.yahoo.com > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >
I have not found a SFTP server with all the functionality of pure-ftp. The client was also built to use ftp. I am just trying to encrypt the command port (21) and leave the data ports alone. I am just trying to find the best approach to handle this without having to rewrite everything. Thanks D --- Jerome Tytgat <jtytgat@websurg.com> wrote:> Why do you want to do that ? > > If it''s for yourself being secured, SSH can handle > SCP and SFTP directly, you just need a client for > that > (winscp is free, under linux there''s native clients > scp and sftp). > > Else you have to tunneling FTP. By default (without > changing > anything) the client securefx from Vandyke can do > the job > (ftp over ssh). > > If you want to use your usual FTP client, you have > to make a tunnel > between your station and the server by using SSH for > Windows (if > you are under windows). After you need to redirect > you''re local ftp > port to your local ssh port and respectively on the > server. (I''m not > very confident with tunneling over ssh, but check > for tunneling on google, > I really prefer to use sftp) > > Jerome. > > ----- Original Message ----- > From: DeAngelo Rios <deangelo_nin@yahoo.com> > To: <shorewall-users@shorewall.net> > Sent: Wednesday, August 28, 2002 9:20 AM > Subject: [Shorewall-users] SSH ? > > > > I have a FTP server behind my firewall. Thanks to > Tom > > it works. Next I would like protect the username > and > > password. With out a firewall. I would just create > a > > SSH user on the firewall and connect. I think the > > easiest way is to do this is to forward port 22 to > my > > ftp server. > > > > Is there a way to have the firewall handle the ssh > > session and forward the rest of the packet to the > ftp > > server. This would allow the ftp server to handle > > connections as normal without having to deal with > the > > ssh part. > > > > What would be the best practice to secure the name > and > > password? All other data is encrypted prior to > > transmision. > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Finance - Get real-time stock quotes > > http://finance.yahoo.com > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@shorewall.net > > >http://www.shorewall.net/mailman/listinfo/shorewall-users> > >__________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com
SFTP is a functionnality of SSH. Just use Winscp or SecureFX to connect to it. Maybe you FTP client can do FTP over SSH (or SFTP) automatically ----- Original Message ----- From: DeAngelo Rios <deangelo_nin@yahoo.com> To: Jerome Tytgat <jtytgat@websurg.com>; <shorewall-users@shorewall.net> Sent: Wednesday, August 28, 2002 12:46 PM Subject: Re: [Shorewall-users] SSH ?> I have not found a SFTP server with all the > functionality of pure-ftp. The client was also built > to use ftp. I am just trying to encrypt the command > port (21) and leave the data ports alone. I am just > trying to find the best approach to handle this > without having to rewrite everything. > > Thanks > D > --- Jerome Tytgat <jtytgat@websurg.com> wrote: > > Why do you want to do that ? > > > > If it''s for yourself being secured, SSH can handle > > SCP and SFTP directly, you just need a client for > > that > > (winscp is free, under linux there''s native clients > > scp and sftp). > > > > Else you have to tunneling FTP. By default (without > > changing > > anything) the client securefx from Vandyke can do > > the job > > (ftp over ssh). > > > > If you want to use your usual FTP client, you have > > to make a tunnel > > between your station and the server by using SSH for > > Windows (if > > you are under windows). After you need to redirect > > you''re local ftp > > port to your local ssh port and respectively on the > > server. (I''m not > > very confident with tunneling over ssh, but check > > for tunneling on google, > > I really prefer to use sftp) > > > > Jerome. > > > > ----- Original Message ----- > > From: DeAngelo Rios <deangelo_nin@yahoo.com> > > To: <shorewall-users@shorewall.net> > > Sent: Wednesday, August 28, 2002 9:20 AM > > Subject: [Shorewall-users] SSH ? > > > > > > > I have a FTP server behind my firewall. Thanks to > > Tom > > > it works. Next I would like protect the username > > and > > > password. With out a firewall. I would just create > > a > > > SSH user on the firewall and connect. I think the > > > easiest way is to do this is to forward port 22 to > > my > > > ftp server. > > > > > > Is there a way to have the firewall handle the ssh > > > session and forward the rest of the packet to the > > ftp > > > server. This would allow the ftp server to handle > > > connections as normal without having to deal with > > the > > > ssh part. > > > > > > What would be the best practice to secure the name > > and > > > password? All other data is encrypted prior to > > > transmision. > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Yahoo! Finance - Get real-time stock quotes > > > http://finance.yahoo.com > > > _______________________________________________ > > > Shorewall-users mailing list > > > Shorewall-users@shorewall.net > > > > > > http://www.shorewall.net/mailman/listinfo/shorewall-users > > > > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Finance - Get real-time stock quotes > http://finance.yahoo.com > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >