
Re: FTP via SSH tunnel problem

 
Jansen_8
Regular Advisor

FTP via SSH tunnel problem

Hi all,

I'm trying to set up an FTP session via an SSH tunnel. I do exactly the same from a Linux client and a VMS client (same commands, same servers, etc.). However, the Linux client works where the VMS client fails.

My system : OpenVMS Alpha 8.3
TCPIP services 5.6 ECO 2
I have both TCPIP$FTP_ALLOW_ADDR_REDIRECT and TCPIP$FTP_ALLOW_PORT_REDIRECT defined to 1 in the system table, and restarted the FTP client after that.


Set up the tunnel :
$ ssh -L 2121:10.112.0.10:21 tunnel-server


Making connection :
sirba-jj) ftp localhost 2121
220 (vsFTPd 2.0.6)
Connected to LOCALHOST.
Name (LOCALHOST:joukj):
331 Please specify the password.
Password:
230 Login successful.
FTP> cd electron/elstru
250 Directory successfully changed.
FTP> ls
500 Illegal PORT command.
FTP>


So it seems that the connection is made. The cd command works fine (as does pwd) but ls (and i.e. get) give the error message.
Note that the same from a Linux client works fine.

tunnel-server and 10.112.0.10 are both Linux machines.

Can anybody give me any suggestions what may be wrong?

Thanks
Jouk
Duncan Morris
Honored Contributor

Re: FTP via SSH tunnel problem

Jouk,

before using "ls" or other commands, try
"passive on"


Duncan
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

The "passive on" does not help. It just gives another error:


sirba-jj) ftp localhost 2121
220 (vsFTPd 2.0.6)
Connected to LOCALHOST.
Name (LOCALHOST:joukj):
331 Please specify the password.
Password:
230 Login successful.
FTP> passive on
Passive is ON.
FTP> ls
227 Entering Passive Mode (10,112,0,10,170,24).
%TCPIP-E-FTP_DATACONF, cannot establish data connection with remote host
-SYSTEM-F-REJECT, connect to network object rejected
FTP>

Richard Whalen
Honored Contributor

Re: FTP via SSH tunnel problem

In order to successfully tunnel an FTP session over SSH it is necessary for SSH to recognize the PORT and PASV commands and their responses and make the necessary substitutions just as a NAT device would. It is possible that the Linux SSH code is built with such code and that the TCP/IP Services code is not.

Process Software's SSH software is built with code to recognize FTP tunnels and it generally works better in PASV mode than PORT mode.
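An added example, not part of the original posts and not code from any SSH product: it decodes the 227 reply quoted earlier in the thread to show which data endpoint the client was told to dial, and sketches the NAT-style substitution an FTP-aware forwarder would make. The local listener 127.0.0.1:50000 and all function names are assumptions made for illustration.

```python
import re

# The 227 reply exactly as it appears in the thread.
PASV_REPLY = "227 Entering Passive Mode (10,112,0,10,170,24)."

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field found")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field value out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_hostport(ip, port):
    """Encode (ip, port) back into h1,h2,h3,h4,p1,p2."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def rewrite_pasv(reply, local_ip, local_port):
    """Swap the server's data endpoint for a local listener that the
    forwarder would relay through the tunnel (hypothetical listener)."""
    if not reply.startswith("227"):
        return reply  # only passive-mode replies carry a data endpoint
    return _HOSTPORT.sub(format_hostport(local_ip, local_port), reply, count=1)


if __name__ == "__main__":
    ip, port = parse_hostport(PASV_REPLY)
    # The plain -L forward only covers 10.112.0.10:21, so a direct
    # connection to this endpoint bypasses the tunnel entirely.
    print("server asked client to dial", ip, port)
    print(rewrite_pasv(PASV_REPLY, "127.0.0.1", 50000))
```

A plain port forward leaves the 227 reply untouched, so the client dials the decoded address directly instead of through the tunnel.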
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

I found the solution:

You do not need the TCPIP$FTP_ALLOW_ADDR_REDIRECT & TCPIP$FTP_ALLOW_PORT_REDIRECT logicals.

The tunnel has to be set up in a slightly different way:
ssh -"L" ftp/2121:10.112.0.10:21 tunnel-server

Passive mode is essential.

Jouk
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

Solved.
Thanks to all who replied.