
Re: [cobalt-users] [OT, slightly] SSH between servers



(responses within original)

> :>Hello List,
> :>
> :>  I'm using my Qube2 for web development on a lan. Usually when I'm
> :>  ready to put some files on the Internet, I telnet/SSH into my Qube,
> :>  and from there I FTP to the production server.
> :>  My understanding is that the telnet session between my computer and
> :>  the Qube 2 is secured through SSH. BUT I'm pretty sure the FTP
> :>  session between the Qube and the production server is just a regular
> :>  FTP (ie my password for FTP goes encrypted between me and the Qube
> :>  and then in the clear from the Qube to the server).

Yes, any standard FTP session is unencrypted.

> :>  I was wondering how should I proceed to open a SSH session between
> :>  the Qube and the server, and then  FTP through it ?

As someone mentioned in an earlier post, you need an SFTP daemon, or you can
tunnel the FTP session from server1 <=> server2.

>
> I have not tried it so ...  However, when you installed the ssh package, it
> installed a client and a server daemon. When you go from your pc to Qube2, the
> pc client is talking to the sshd daemon. Supposedly, you can use the ssh
> client to go from the Qube to a remote that supports ssh. I.e., that provides
> a secure session from Qube2 to a remote ssh server. You should be able to port
> forward after that. See man ssh.
>
> Mike.

I'd assume you're talking about tunneling through your SSH client/daemon.
This is easy to do if you're going directly from client to server, however it
looks like Pierre is going client => server1 <=> server2.  If SSH is
installed and running on both servers, then a command such as the following
will enable tunneling of your ftp connection from server1 <=> server2:

$ ssh -l <username> -c 3des -L 2121:<server2>:21 <server1>

<username>   = user recognized by <server1>
-c 3des      = cipher to use (either 3des or blowfish using OpenSSH)
-L 2121      = local port to use for forwarding (should be nonprivileged
               port > 1024)
<server2>:21 = host:port you wish to tunnel ftp session *TO*
<server1>    = the host you wish to initiate SSH session with (usually the
               same host you connect to via your workstation)

You will want to make sure that <username> and <server1> have the necessary
keys to communicate with each other, or else you'll receive a bunch of
messages stating that the SSH client cannot verify the host you're trying to
connect to.  It's easiest to just use the same username and host that you
normally initiate an SSH session with from your workstation.

Once you establish an SSH connection as outlined above, starting a normal FTP
session on <server1> with:

$ ftp localhost 2121

will securely tunnel through to <server2>:21.

Not the easiest thing to do, but this can be set up permanently via your SSH
config file.  The reason I outlined this instead of recommending an SFTP
daemon is that OpenSSH doesn't include one, and the SSH server/client
available from ssh.com is $479 commercial (or an awkward "non-commercial"
license IMO).


--
Brian Curtis
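
Added example, not part of Brian Curtis's message: one way the port forward above could be made permanent in the SSH config file, with a second stanza showing the same forward when the SSH session ends on <server2> itself. The Host aliases, the example.com host names, the user "webdev" and local port 2122 are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config on the machine where the ftp client is run.
# Host names and the user "webdev" are placeholders, not values from the thread.

# Stanza 1: the command from the message expressed as config:
#   ssh -l <username> -L 2121:<server2>:21 <server1>
# (-c is left out so the client negotiates its default cipher.)
# SSH protects the leg from this machine to server1; sshd on server1 then
# opens an ordinary TCP connection to server2 port 21.
Host ftp-via-server1
    HostName server1.example.com
    User webdev
    LocalForward 2121 server2.example.com:21
    # Fail at startup if port 2121 cannot be bound, instead of silently
    # running a session with no forward.
    ExitOnForwardFailure yes

# Stanza 2: variant that ends the SSH session on server2, which the message
# says also runs sshd. "localhost" is resolved on server2, so the FTP control
# connection stays inside SSH until it reaches the FTP daemon's own host.
Host ftp-via-server2
    HostName server2.example.com
    User webdev
    LocalForward 2122 localhost:21
    ExitOnForwardFailure yes
```

Start a forward with `ssh -N ftp-via-server2` and point the client at it with `ftp localhost 2122`. Either forward carries only the FTP control connection, which is where the password is sent; data connections negotiated with PORT or PASV are separate TCP connections outside the tunnel.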