> > Right. You have to use FTP in passive mode. The control port (21) doesn't
> > tunnel right.
>
> As stated earlier on this list you can not (fully) tunnel FTP without
> using an "ftp enabled" client (and/or server), that is the ONLY solution
> if you want ALL traffic to the ftp server to be encrypted (also needed if
> e.g. the ftp server is "behind" a firewall which you can only "traverse"
> through ssh). I thought this was added to the FAQ though? If not, couldn't
> someone add it since it's quite a FAQ (as far as I've seen).

To use SSH tunnelling for ftp, does it require that users have
access to ftp on the server from their IP, or only access to SSH?
Meaning, does sftp or tunnelling only require ftp to be available
for 127.0.0.1? This way I can have tcp_wrappers restricted to
only local ftp, but users can use SSH (sftp, tunnelling) to still
use secure ftp (but not regular ftp)?

Another reason for this is for those users that use HTML editors
that download via ftp, but I want them to use a secure tunnel so that
their passwords are encrypted.

Thanks... Dan.
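
An added illustration, not part of the original messages: the quoted point that forwarding port 21 alone does not tunnel all FTP traffic comes from the passive-mode reply (RFC 959 code 227), which tells the client a separate address and port for the data connection. The sketch below parses that reply and classifies where the data connection would go. The sample replies, the local forward port 2121 and the function names are constructed for the example, and the "tunnelled" case assumes a forward that targets the same port on the server.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample replies (192.0.2.10 is a documentation address).
SAMPLE_DIRECT = "227 Entering Passive Mode (192,0,2,10,195,80)"
SAMPLE_LOOPBACK = "227 Entering Passive Mode (127,0,0,1,195,80)"


def parse_pasv(reply):
    """Return the (host, port) announced in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return host, port


def data_channel_path(reply, forwarded_local_ports):
    """Classify where the client's data connection will go.

    forwarded_local_ports: local ports the ssh client listens on (ssh -L).
    Assumption: each such forward targets the same port number on the server.
    """
    host, port = parse_pasv(reply)
    loopback = host.startswith("127.")
    if loopback and port in forwarded_local_ports:
        return "tunnelled"         # lands on an ssh -L listener
    if loopback:
        return "fails-locally"     # client dials its own loopback; nothing listens
    return "direct-cleartext"      # client dials the server outside the tunnel


if __name__ == "__main__":
    control_only = {2121}          # only the control port is forwarded
    for reply in (SAMPLE_DIRECT, SAMPLE_LOOPBACK):
        print(parse_pasv(reply), data_channel_path(reply, control_only))
```

A loopback address in the reply can occur when the forwarded control connection reaches the FTP server on 127.0.0.1; a client that honours it connects to its own machine rather than the server.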