HPE Community
Operating System - OpenVMS
1752681 Members
5411 Online
108789 Solutions
New Discussion юеВ

SFTP via a PROXY

 
robert70
Valued Contributor

тАО02-24-2010 02:15 AM

тАО02-24-2010 02:15 AM

SFTP via a PROXY

Hello,
How can I setup a Secure FTP session via a Proxy Server?

There dosent appear to be any option for this with SFTP2?

Usage: sftp2 [-D debug_level_spec] [-B batchfile] [-S path] [-h]
[-V] [-P port] [-b buffer_size]
[-4] [-6] "[-C]" [-o option_to_ssh2]
[user@]host[#port]

My versions of TCPIP:-
TCPIP> show version

HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 7
on a COMPAQ AlphaServer DS20E 666 MHz running OpenVMS V7.3-2

and version of sftp2:-

DAVE$ sftp2 "-V"
dave$dkb0:[sys0.syscommon.][sysexe]tcpip$ssh_sftp2.exe: SSH Secure Shell OpenVMS
(V5.5) 3.2.0 on COMPAQ AlphaServer DS20E 666 MHz - VMS V7.3-2

Thanks

0 Kudos
Reply
4 REPLIES 4
Hoff
Honored Contributor

тАО02-24-2010 03:07 AM

тАО02-24-2010 03:07 AM

Re: SFTP via a PROXY

What are the particular project goals and requirements here? Yes, I understand the direct question. It's not clear if you're monitoring, attempting to bypass a firewall block, intent on logging file transfers, or other such.

The ssh path is usually either allowed, or it is blocked.

ssh (and thus sftp) doesn't usually get proxied. It's deliberately intended to be somewhat resistant to man-in-the-middle, which means that folks that need this sort of thing tend to go for a gateway or such. Or tunneling.

And tunneling a tunnel is, well, somewhat higher in the absurdity dimension than baseline IT norms.

There are folks around that run sftp tunneled over https via proxy server via a package known as corkscrew or by proxytunnel (the latter is over on Sourceforge), but then there are also folks that tunnel IP over DNS, too. These tunnels tend to require the far end have sftp configured via 443, so this requirement tends to be a flag for local IT policies run amok, or potentially as an indication of nefarious LAN activities. If this is a legitimate request, it's best time to escalate this and to cause local management to sort this mess out for you.

So. What are you really up to?
0 Kudos
Reply
robert70
Valued Contributor

тАО02-24-2010 03:17 AM

тАО02-24-2010 03:17 AM

Re: SFTP via a PROXY

We are on a corporate LAN/WAN which we can FTP to external clients via a proxy server.
We deliver data files on a daily basis to them.
One of these said clients has now requested we Secure FTP to them rather than FTP.

i was able to setup FTP via the proxy a couple of years ago without any problems and just didnt see the obvious way you would use SFTP or SCP to acheive this.

By the sounds of it I may have to go to my IT resource centrally which i dont really want to involve in this if there is a possibility of acheiving the goal myself (as was the case in FTP)

Roger
0 Kudos
Reply
Hoff
Honored Contributor

тАО02-24-2010 05:46 AM

тАО02-24-2010 05:46 AM

Re: SFTP via a PROXY

Engage your manager and your IT organization.

Any IT organization that blocks legitimate and secure customer-facing network communications is usually a good sign it's time to short your company's stock and/or to dust off and update your own resume. In all bluntness.

In general, ftp is typically somewhere between a last resort and a bad choice. It would usually be better to push via sftp, and to only fall back to ftp for those entities that don't particularly care about security.

0 Kudos
Reply
robert70
Valued Contributor

тАО02-24-2010 05:53 AM

тАО02-24-2010 05:53 AM

Re: SFTP via a PROXY

many thanks Hoff
will proceed via my IT
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.