FTP via SSH tunnel problem

 
Jansen_8
Regular Advisor

FTP via SSH tunnel problem

Hi all,

I'm trying to set up an FTP session via an SSH tunnel. I do exactly the same from a Linux client and a VMS client (same commands, same servers, etc.). However, the Linux client works where the VMS client fails.

My system : OpenVMS Alpha 8.3
TCPIP services 5.6 ECO 2
I have both TCPIP$FTP_ALLOW_ADDR_REDIRECT and TCPIP$FTP_ALLOW_PORT_REDIRECT defined to 1 in the system table, and restarted the FTP client after that.


Set up the tunnel :
$ ssh -L 2121:10.112.0.10:21 tunnel-server


Making connection :
sirba-jj) ftp localhost 2121
220 (vsFTPd 2.0.6)
Connected to LOCALHOST.
Name (LOCALHOST:joukj):
331 Please specify the password.
Password:
230 Login successful.
FTP> cd electron/elstru
250 Directory successfully changed.
FTP> ls
500 Illegal PORT command.
FTP>


So it seems that the connection is made. The cd command works fine (as does pwd), but ls (and e.g. get) give the error message.
Note that the same from a Linux client works fine.

tunnel-server and 10.112.0.10 are both Linux machines.

Can anybody give me any suggestions what may be wrong?

Thanks
Jouk
5 REPLIES
Duncan Morris
Honored Contributor

Re: FTP via SSH tunnel problem

Jouk,

before using "ls" or other commands, try
"passive on"


Duncan
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

The "passive on" does not help. It just gives another error:


sirba-jj) ftp localhost 2121
220 (vsFTPd 2.0.6)
Connected to LOCALHOST.
Name (LOCALHOST:joukj):
331 Please specify the password.
Password:
230 Login successful.
FTP> passive on
Passive is ON.
FTP> ls
227 Entering Passive Mode (10,112,0,10,170,24).
%TCPIP-E-FTP_DATACONF, cannot establish data connection with remote host
-SYSTEM-F-REJECT, connect to network object rejected
FTP>

Richard Whalen
Honored Contributor

Re: FTP via SSH tunnel problem

In order to successfully tunnel an FTP session over SSH it is necessary for SSH to recognize the PORT and PASV commands and their responses and make the necessary substitutions just as a NAT device would. It is possible that the Linux SSH code is built with such code and that the TCP/IP Services code is not.

Process Software's SSH software is built with code to recognize FTP tunnels and it generally works better in PASV mode than PORT mode.
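
The substitution described in the reply above, as an added example that is not part of the original posts and not the code of any SSH implementation: it decodes the 227 reply from the failing session, checks the data endpoint against the `-L 2121:10.112.0.10:21` forward, and rewrites the reply the way a NAT-style helper would. The function names and the local listener 127.0.0.1:50000 are assumptions made for the illustration.

```python
import re

# Constructed from the thread: the 227 reply seen by the VMS client, and the
# forward from "ssh -L 2121:10.112.0.10:21" as (local_port, host, port).
PASV_REPLY = "227 Entering Passive Mode (10,112,0,10,170,24)."
FORWARDS = [(2121, "10.112.0.10", 21)]

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"\d{1,3}(?:,\d{1,3}){5}")


def parse_hostport(line):
    """Decode the address field of a PORT command or 227 reply to (ip, port)."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.group(0).split(",")]
    if max(nums) > 255:
        raise ValueError("field value above 255 in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_hostport(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def forwarded_local_port(endpoint, forwards):
    """Local port that tunnels to endpoint, or None if the tunnel misses it."""
    for local_port, host, port in forwards:
        if (host, port) == endpoint:
            return local_port
    return None


def rewrite_pasv(reply, listen_ip, listen_port):
    """Point the reply at a local listener; return (new_reply, real_endpoint).

    A forwarder doing this must also relay listen_ip:listen_port to
    real_endpoint through the tunnel for the data connection to work.
    """
    real_endpoint = parse_hostport(reply)
    field = format_hostport(listen_ip, listen_port)
    return _HOSTPORT.sub(field, reply, count=1), real_endpoint


if __name__ == "__main__":
    ep = parse_hostport(PASV_REPLY)
    print(ep, "forwarded via local port:", forwarded_local_port(ep, FORWARDS))
    print(rewrite_pasv(PASV_REPLY, "127.0.0.1", 50000)[0])
```

The decoded data endpoint, 10.112.0.10 port 43544, has no matching forward; only the control port 21 is tunneled, so without the rewrite the client is left to reach that endpoint directly.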
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

I found the solution:

You do not need the TCPIP$FTP_ALLOW_ADDR_REDIRECT & TCPIP$FTP_ALLOW_PORT_REDIRECT logicals.

The tunnel has to be set up in a slightly different way:
ssh -"L" ftp/2121:10.112.0.10:21 tunnel-server

Passive mode is essential.

Jouk
Jansen_8
Regular Advisor

Re: FTP via SSH tunnel problem

Solved.
Thanks to all who replied.