As the subject says I've just updated my
http://fy.chalmers.se/~appro/ssh_beyond.html. The patch is relative
to 1.2.27, but it's not the real news. The real news is gracious
(well, as it appears to me:-) support for secure FTP transfers at
client side and enhanced SSH2 compatibility mode at server side.

As for secure (i.e. both command and data are tunneled) FTP transfers.
The idea is to spoof (intercept and override) PORT (was implemented on
server side in earlier patch revision) and replies to PASV commands
with dynamic one-time forwardings. You can't get it to work in 100% of cases
(never will be able:-), but if you're persistent you should be able to
find a way. Here's "matrix."

- Local forwarding cases.

FTP client - modified SSH client ==== *any* SSH server - FTP server

If FTP client goes passive mode, modified client takes care of
everything by spoofing replies to PASV commands (I really wonder why
this wasn't implemented! At least none of the clients I've tried so
far support this. Has anybody seen/heard of anything similar?). If
FTP client goes active, data transfers become clear-text and work
as long as FTP client was connected to SSH client through interface
which has route to the FTP server.

FTP client - modified SSH client ==== modified SSH server - FTP server

Works either way (passive or active), both sides spoof whatever is
appropriate to spoof:-). No way to go clear-text.

FTP client - F-Secure SSH for Mac/PC ==== modified SSH server - FTP server

If FTP client goes active, modified SSH server takes care of everything
by spoofing PORT commands. It's possible as F-Secure appears to accept
reverse forwardings (surprise!). If FTP client goes passive, data transfers
become clear-text and work as long as FTP server was invoked at interface
which has route to FTP client.

- Remote forwarding cases.

FTP server - modified SSH client ==== *any* SSH server - FTP client

FTP client goes active, modified SSH client takes care of everything
by spoofing PORT commands. "Routing" limitations apply otherwise.

FTP server - modified SSH client ==== modified SSH server - FTP client

Works either way (passive or active), both sides spoof whatever is
appropriate to spoof:-). No way to go clear-text.

FTP server - F-Secure SSH for Mac/PC ==== modified SSH server - FTP client

FTP client goes passive, modified SSH server takes care of everything
by spoofing replies to PASV commands. "Routing" limitations apply
otherwise.

Cheers. Andy.
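
The PASV-reply rewriting described in the post, as an added example that is not code from the patch or from its author: it parses the server's 227 reply, keeps the real data endpoint as the tunnel target, and hands the FTP client a loopback endpoint instead. The names `pasv_target`, `parse_pasv_reply`, `spoof_pasv_reply` and `listen_port` are assumptions, as is the idea that the caller has already opened the one-time forwarding listener.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the patch: the FTP server's real data endpoint. */
struct pasv_target { unsigned char ip[4]; unsigned port; };

/* Parse a single-line "227 ... (h1,h2,h3,h4,p1,p2)" reply; 0 on success, -1 if
 * malformed. %3u caps each field at three characters and values > 255 fail. */
int parse_pasv_reply(const char *line, struct pasv_target *t)
{
    unsigned v[6], i;
    char end;
    const char *p = strchr(line, '(');
    if (strncmp(line, "227 ", 4) != 0 || p == NULL)
        return -1;
    if (sscanf(p, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &end) != 7 || end != ')')
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    for (i = 0; i < 4; i++)
        t->ip[i] = (unsigned char)v[i];
    t->port = v[4] * 256 + v[5];
    return t->port != 0 ? 0 : -1;
}

/* Point the FTP client at a loopback listener (listen_port: assumed one-time
 * forwarding opened by the caller); *orig gets the endpoint to tunnel to. */
const char *spoof_pasv_reply(const char *line, unsigned listen_port,
                             struct pasv_target *orig)
{
    static char out[64];
    if (listen_port == 0 || listen_port > 65535 || parse_pasv_reply(line, orig) != 0)
        return NULL;
    snprintf(out, sizeof out, "227 Entering Passive Mode (127,0,0,1,%u,%u)\r\n",
             listen_port / 256, listen_port % 256);
    return out;
}

int main(void)
{
    struct pasv_target t;
    const char *r = spoof_pasv_reply(
        "227 Entering Passive Mode (192,0,2,10,195,80)\r\n", 40001, &t); /* constructed sample */
    if (r != NULL)
        printf("tunnel data to port %u; client sees: %s", t.port, r);
    return 0;
}
```

A NULL return means the line was not rewritten; a caller that forwards such a 227 reply unchanged gets the clear-text data path the post describes.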
