[Zope] FTP access and ssh-Port-Forward

Fred Yankowski fred@ontosys.com
Thu, 5 Jun 2003 08:44:49 -0500

On Wed, Jun 04, 2003 at 12:53:14PM -0700, sean.upton@uniontrib.com wrote:
> Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a
> user-preference to do passive transfers (single, client-initiated TCP
> control socket; there is no data connnection), which is reported to do okay
> through SSH TCP socket tunnels, though I have never tested this to Zope...

I have had little success using passive FTP over SSH tunnels.  Perhaps
I'm doing something wrong, but even passive FTP uses secondary port
connections to do data transfers; I have not found any way to arrange
tunneling for those secondary connections.  If the firewall lets
connections to ports > 1024 go through, then passive FTP over SSH
tunneling can appear to work, but only the control connection is
actually tunneled -- the secondary/data connections are in the clear.
The user/password info is encrypted then, but not the transferred file

Fred Yankowski      fred@ontosys.com           tel: +1.630.879.1312
OntoSys, Inc	    PGP keyID: 7B449345        fax: +1.630.879.1370
www.ontosys.com     38W242 Deerpath Rd, Batavia, IL 60510-9461, USA