
Re: [cobalt-users] [OT, slightly] SSH between servers



On Mon, 8 Jan 2001 08:39:31 -0500, "Brian Curtis" <admin@xxxxxxxxxxx> wrote:

:>(responses within original)
:>
:>> :>Hello List,
:>> :>
:>> :>  I'm using my Qube2 for web development on a lan. Usually when I'm
:>> :>  ready to put some files on the Internet, I telnet/SSH into my Qube,
:>> :>  and from there I FTP to the production server.
:>> :>  My understanding is that the telnet session between my computer and
:>> :>  the Qube 2 is secured through SSH. BUT I'm pretty sure the FTP
:>> :>  session between the Qube and the production server is just a regular
:>> :>  FTP (i.e. my password for FTP goes encrypted between me and the Qube
:>> :>  and then in the clear from the Qube to the server).
:>
:>Yes, any standard FTP session is unencrypted.
:>
:>> :>  I was wondering how should I proceed to open a SSH session between
:>> :>  the Qube and the server, and then FTP through it?
:>
:>As someone mentioned in an earlier post, you need an SFTP daemon, or you can
:>tunnel the FTP session from server1 <=> server2.
:>
:>>
:>> I have not tried it so ...  However, when you installed the ssh package, it
:>> installed a client and a server daemon. When you go from your pc to Qube2, the
:>> pc client is talking to the sshd daemon. Supposedly, you can use the ssh
:>> client to go from the Qube to a remote that supports ssh. I.e., that provides
:>> a secure session from Qube2 to a remote ssh server. You should be able to port
:>> forward after that. See man ssh.
:>>
:>> Mike.
:>
:>I'd assume you're talking about tunneling through your SSH client/daemon.
:>This is easy to do if you're going directly from client to server, however it
:>looks like Pierre is going client => server1 <=> server2.  If SSH is
:>installed and running on both servers, then a command such as the following
:>will enable tunneling of your ftp connection from server1 <=> server2:
:>
:>$ ssh -l <username> -c 3des -L 2121:<server2>:21 <server1>

Yes, that is what I assumed Pierre would want to do. Thanks for the info on
the setup, that might come in handy.

:>
:><username>   = user recognized by <server1>
:>-c 3des      = cipher to use (either 3des or blowfish using OpenSSH)
:>-L 2121      = local port to use for forwarding (should be nonprivileged port > 1024)
:><server2>:21 = host:port you wish to tunnel ftp session *TO*
:><server1>    = the host you wish to initiate SSH session with (usually the same host you connect to via your workstation)
:>
:>You will want to make sure that <username> and <server1> have the necessary
:>keys to communicate with each other, or else you'll receive a bunch of
:>messages stating that the SSH client cannot verify the host you're trying to
:>connect to.  It's easiest to just use the same username and host that you
:>normally initiate an SSH session with from your workstation.
:>
:>Once you establish a SSH connection as outlined above, starting a normal FTP
:>session on <server1> with:
:>
:>$ ftp localhost 2121
:>
:>will securely tunnel through to <server2>:21.

Neat approach. Of course, if possible, it would be easier just to go from the
pc to server2 except that Pierre was wanting to do something else.

:>
:>Not the easiest thing to do, but this can be set up permanently via your SSH
:>config file.  The reason I outlined this instead of recommending a SFTP
:>daemon is that OpenSSH doesn't include one, and the SSH server/client
:>available from ssh.com is $479 commercial (or an awkward "non-commercial"
:>license IMO).

When I installed openssh it installed a sftp daemon (the default directory may
be different)

#Uncomment in the config file
Subsystem       sftp    /usr/local/libexec/sftp-server

I normally use VanDyke's secure ftp client on the pc and sftp on the Qube2 to
do totally encrypted file transfers. 

However, as far as I know, the Qube2 does not have an sftp client, although I
guess it would be easy enough to find one and install it.

Mike.
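
Added example, not part of the original thread: the -L 2121:<server2>:21 forward discussed above carries only the FTP control connection (login and commands), while each file transfer uses a separate data connection negotiated in the server's 227 (PASV) reply. This Python sketch parses control-channel replies and reports whether each data endpoint would ride a forwarded local port; the sample replies, the address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed control-channel replies, as seen after "ftp localhost 2121".
# The address is from the documentation range and stands in for <server2>.
SAMPLE_REPLIES = [
    "220 FTP server ready.",
    "331 Password required for pierre.",
    "230 User pierre logged in.",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
]

PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply (RFC 959), or None for other lines."""
    match = PASV_RE.match(reply)
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def audit_data_channels(replies, forwarded_local_ports):
    """List (host, port, tunneled) for every passive data endpoint offered.

    A data connection rides the SSH tunnel only if the client would dial a
    loopback address on a port that has its own -L forward.
    """
    results = []
    for reply in replies:
        endpoint = parse_pasv(reply)
        if endpoint is None:
            continue
        host, port = endpoint
        tunneled = (ipaddress.ip_address(host).is_loopback
                    and port in forwarded_local_ports)
        results.append((host, port, tunneled))
    return results


if __name__ == "__main__":
    for host, port, tunneled in audit_data_channels(SAMPLE_REPLIES, {2121}):
        state = "inside tunnel" if tunneled else "OUTSIDE tunnel (cleartext)"
        print("data channel %s:%d -> %s" % (host, port, state))
```

With only port 2121 forwarded, the password stays inside the SSH session but the sample data endpoint is reported as outside it, which is the case sftp avoids by carrying everything over the one SSH connection.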