HPE Community
Operating System - OpenVMS
1753603 Members
6412 Online
108797 Solutions
New Discussion юеВ

Permanent or automated SSH tunnel--possible?

 
SOLVED
Go to solution
Robert Gezelter
Honored Contributor

тАО01-28-2008 08:31 AM

тАО01-28-2008 08:31 AM

Re: Permanent or automated SSH tunnel--possible?

Galen,

Re: Your last posting.

C-Kermit (http://www.columbia.edu/kermit ) provides KERMIT protocol file transfers and you can use the TELNET protocol within the stunnel context.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
Joseph Huber_1
Honored Contributor

тАО01-28-2008 11:30 AM

тАО01-28-2008 11:30 AM

Re: Permanent or automated SSH tunnel--possible?


>> Now, since ftp won't work through stunnel I'm going to be looking for a way to do ftp's as well.

This Your conclusion astonishes me:
why does ftp not work through stunnel ?
Although I don't need it on a regular basis, I have setup stunnel for ftp, and it worked well.
As far I remember, the only requirement was support of PASV on both, the client and server side.
And as far I see, stunnel is the only option which can be automated in the sense, that one can establish the stunnel ftp port at system startup, and afterwards it can be used (almost) transparently, only the clients port number has to be changed from the default.
http://www.mpp.mpg.de/~huber
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО01-28-2008 12:08 PM

тАО01-28-2008 12:08 PM

Re: Permanent or automated SSH tunnel--possible?

I'm a bit dense, so don't mind me, but I'm
still wondering why adding a couple of routes
on the accessible systems at both ends (A, C)
doesn't solve the whole problem.
0 Kudos
Reply
Galen Tackett
Valued Contributor

тАО01-31-2008 06:38 AM

тАО01-31-2008 06:38 AM

Re: Permanent or automated SSH tunnel--possible?

Steve,

It would definitely solve the problem if I were allowed to do it.

It's silly, I know, but I can get it past the authorities easier with a tunnel than with a route.

Essentially, there's an understanding that we monkey with TCP/IP routes on the Bnet hosts except to fix customer problems. The difficulty for a couple of our developers to reach C from A is not a problem that's even on this customer's radar.

Using stunnel doesn't constitute adding a TCP/IP route, so it wouldn't be a violation of this understanding.

SOME of the 3-4 developers have a direct connection to Cnet in their offices; but I don't and there aren't any more drops available to Cnet here. (In addition to development work, I'm also the system manager for the A and C systems, and sort of co-manager for B.)

If you're really interested in the minutiae I could go on and on. But if I say too much someone might come around and terminate us both with extreme prejudice. :-)
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО01-31-2008 09:55 AM

тАО01-31-2008 09:55 AM

Re: Permanent or automated SSH tunnel--possible?

My point was that it seemed to me that one
could get the desired effect by adding routes
on only the NetA and NetC systems, not on the
NetB systems (which already seem to be able
to find the NetA and NetC systems).

But if you're happy, ...
0 Kudos
Reply
Galen Tackett
Valued Contributor

тАО01-31-2008 10:49 AM

тАО01-31-2008 10:49 AM

Re: Permanent or automated SSH tunnel--possible?

Joseph,

> This Your conclusion astonishes me:
> why does ftp not work through stunnel ?

I believe I've read that stunnel will handle command connection of an ftp session but not the data connection. This appears to be borne out by the error I get.

I've set up stunnel_client.conf on my HostA to accept an ftp connection on port 921, "forwarding" to 921 on HostB. HostB's stunnel_server.conf is set to accept a connection on port 921, "forwarding" to port 21 on HostC.

ftp localhost 921
220 HostC FTP Server (Version 5.6) Ready
FTP> passive on
Passive is ON.
dir
227 Entering Passive Mode (nn,nn,nn,nn,203,26)
%TCPIP-E-FTP_DATACONF, cannot establish data connection with remote host
-SYSTEM-F-REJECT, connect to network opject rejected

Maybe I'm missing a bit of setup somewhere?
0 Kudos
Reply
Galen Tackett
Valued Contributor

тАО01-31-2008 11:04 AM

тАО01-31-2008 11:04 AM

Re: Permanent or automated SSH tunnel--possible?

Oops. I forgot to mention that nn,nn,nn,nn was meant to represent the IP address of HostC as displayed by FTP.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.