Tue, 17 Apr 2007, by [EMAIL PROTECTED]:
> On Tuesday 17 April 2007 17:02, Matthew Stringer wrote:
> > What I'm hoping to achieve is to create a bastion host box that allows SSH
> > connections from anywhere, I can then create users on that box who'll be
> > able to create an SSH tunnel to the FTP machines.
> I have not run ftp /or telnet in production for years.
>
> ... the ssh tunnel is ok, but you could try scp instead of ftp.
>
> In your situation you might try passive ftp... but either way it's not the
> best. From the looks of things the passive connection back is not working.
> Standard ftp requires two sockets... one to make the connection (commands)
> and the other to transmit the data... looks like the data socket isn't
> authorized or is failing for some other reason. Are the boxes behind a
> firewall on a 192.168 network using NAT (masquerading)? FTP does not
> masquerade well without the ftp fix.
>
> But back to my first point... really, IMHO you would do well to try scp. I
> move files on my systems (even to the outside) exclusively with scp... it's
> the secure copy that ships with ssh.... can be compressed, encrypted, and
> frankly is more flexible than FTP IMO.

If scp or sFTP would only support virtual users. I'd like to offer users on
the FTP server I maintain scp/sFTP, but setting up chroot/scponly is just too
much hassle compared to the simple vsftp virtual user setup.

Theo
-- 
Theo v. Werkhoven
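
The two-socket problem described in the quoted reply, as an added example that is not part of the original thread: it parses a server's passive-mode reply and checks whether the data socket the client opens next would actually go through an SSH local forward. The function names, addresses and ports are constructed for illustration.

```python
import re

# RFC 959 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 reply: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(reply, control_host):
    """Return the (host, port) the client will connect to for the data socket."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in PASV reply")
        # The server names its own address, as seen from its side of any NAT.
        host = ".".join(str(n) for n in nums[:4])
        return host, nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError("port out of range in EPSV reply")
        # EPSV carries only a port; the client reuses the control address.
        return control_host, port
    raise ValueError("not a passive-mode reply")


def covered_by_tunnel(reply, control_host, forwards):
    """forwards: set of (host, port) pairs an 'ssh -L' is listening on locally."""
    return data_endpoint(reply, control_host) in forwards


if __name__ == "__main__":
    # Constructed scenario: control channel reaches the FTP box via a forward
    # on 127.0.0.1:2121; the server then announces a data port on its LAN address.
    forwards = {("127.0.0.1", 2121)}
    for reply in ("227 Entering Passive Mode (192,168,1,10,195,80).",
                  "229 Entering Extended Passive Mode (|||50000|)"):
        ep = data_endpoint(reply, "127.0.0.1")
        print(reply, "->", ep, "tunnelled:", covered_by_tunnel(reply, "127.0.0.1", forwards))
```

In both cases the data endpoint falls outside the single forwarded port, which is why the control login succeeds through the tunnel while the transfer hangs.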
