> On Sun, 24 Sep 2000, Daniel Woods wrote:
> > To use SSH tunnelling for ftp, does it require that users have access
> > to ftp on the server from their IP, or only access to SSH ? Meaning,
> > does sftp or tunnelling only require ftp to be available for 127.0.0.1
> > ? This way I can have tcp_wrappers restricted to only local ftp, but
> > users can use SSH (sftp, tunnelling) to still use secure ftp (but not
> > regular ftp) ?
>
> SFTP != FTP (i.e. they are not interoperable in any way).
Ok, that's what I thought.
> What I said concerns "ordinary" ftp over ssh (version 1 or 2 doesn't
> matter, though ssh2 is more suited to build a complete proxy on top of).
> SFTP is a totally different matter and in the case you have it installed
> and your clients are sftp enabled you are fine. Though if you want to run
> "ordinary" ftp tunneled (i.e. your users wants to use some "off the shelf"
> ftp client for file transfer), what you describe is true, i.e. you can set
> up the ftp server to listen on 127.0.0.1 on the machine containing a ssh
> server and then use a ftp enabled ssh client to access it.
> Cheers,
> /Mats
I can see having users use a secure FTP client (like secureFTP), but that's
not what FrontPage (Yuck) or other HTML editors use. From my understanding
of tunnelling, the user would have to open up a ssh session with my server
first and then let their FTP client (or HTML editor) send the files. But
first their SSH config for my site would have to set up port forwarding
(tunnelling) from local 21 to remote server (which port ?).
Is this correct ?
Can you provide an example.
Thanks... Dan.
