SSH Tectia ConnectSecure provides an FTP-SFTP conversion feature which captures plaintext FTP connections initiated by an FTP client and converts them to SFTP before the file transfer is started. All user names, passwords, and data are then transferred in encrypted format.
Existing FTP connections, including automated file transfers, can be transparently converted to SFTP without the need to modify the existing scripts or applications. Users can keep working with their familiar applications and use the existing IDs and authentication methods.
The FTP-SFTP conversion module allows easy and cost-effective replacement of plaintext file transfers in large enterprise environments. Existing FTP scripts and client applications need no modifications. Only the FTP server will be replaced with an SFTP server.
Any existing client with FTP functionality can be used as before:
Application hard-coded FTP
Script-based automated FTP
Interactive passive or active FTP, for example Windows Explorer FTP, web-browser-based FTP, command-line ftp, or FTP GUI applications.
With SSH Tectia ConnectSecure, the FTP-SFTP conversion feature can connect to SSH Tectia Server or any other Secure Shell server. When SSH Tectia is used as the server-side counterpart, it can run on any supported platform: on Linux, HP-UX, AIX, Solaris, Windows, or IBM mainframe.
SSH Tectia ConnectSecure can be configured to extract the user name, password, and destination host name from the secured FTP application, and to use them for authentication and connection setup on the Secure Shell SFTP server. The configuration is made as a filter rule in the Connection Broker configuration file, and the same rule can be defined to cover all FTP traffic. In large FTP environments, this simple rule setting can save the effort of defining hundreds of connection profiles which would otherwise be needed separately for each destination.
The principle of FTP-SFTP conversion is shown in Figure 3.2.
The following steps happen during the FTP-SFTP conversion:
An application, a script, or a user triggers a file transfer.
The original FTP client in the File Transfer Client host starts opening a file transfer connection to the original destination FTP server (in File Transfer Server).
The SSH Tectia connection capture module captures the connection before it leaves the client side. SSH Tectia ConnectSecure checks and applies the filter rules that specify which connections to capture. The filter rules are defined in the Connection Broker configuration. Connections can be captured based on the FTP application used and the destination address and/or the port.
SSH Tectia ConnectSecure can extract the user name, password, and the destination host name from the secured FTP application, and use them for authentication and connection setup with the Secure Shell SFTP server.
The FTP-SFTP conversion module manages the FTP connection so that it remains unchanged from the original FTP client's point of view. FTP is converted to secure SFTP file transfer.
The SFTP connection is managed by the Connection Broker module.
The Secure Shell SFTP server in the File Transfer Server host is the end point of the file transfer.
The unsecured original FTP server program can be eliminated from the server host.
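The capture decision and credential reuse described in the steps above can be modelled as follows. This is an added conceptual example, not SSH Tectia code or Connection Broker configuration syntax; the names FilterRule, SftpTarget, and plan_connection, the first-match rule order, and the sample host and login are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class FilterRule:            # hypothetical model, not Tectia's rule syntax
    app: str                 # regex on the FTP client executable name
    host: str                # regex on the destination host name
    ports: frozenset         # destination ports the rule covers
    action: str              # "convert" (FTP to SFTP) or "direct"

@dataclass(frozen=True)
class SftpTarget:
    host: str
    port: int
    user: str
    password: str

def match_rule(rules, app, host, port):
    """Return the first rule matching application, destination and port."""
    for rule in rules:       # first match wins (assumed evaluation order)
        if (port in rule.ports and re.fullmatch(rule.app, app)
                and re.fullmatch(rule.host, host)):
            return rule
    return None

def extract_login(control_lines):
    """Read the USER and PASS arguments from FTP control-channel commands."""
    creds = {}
    for line in control_lines:
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        if verb.upper() in ("USER", "PASS"):
            creds[verb.upper()] = arg
    return creds.get("USER"), creds.get("PASS")

def plan_connection(rules, app, host, port, control_lines, sftp_port=22):
    """Map one captured FTP login to SFTP connection parameters."""
    rule = match_rule(rules, app, host, port)
    if rule is None or rule.action != "convert":
        return None          # not captured: outside the conversion rules
    user, password = extract_login(control_lines)
    if user is None or password is None:
        # Assumed policy: a captured session without a login is refused.
        raise ValueError("captured FTP session carried no USER/PASS")
    return SftpTarget(host, sftp_port, user, password)

# Constructed sample data: one catch-all rule and one FTP login exchange.
RULES = [FilterRule(r".*", r".*", frozenset({21}), "convert")]
SESSION = ["USER batch01\r\n", "PASS example-password\r\n", "PASV\r\n"]

if __name__ == "__main__":
    print(plan_connection(RULES, "ftp.exe", "files.example.com", 21, SESSION))
```

The single catch-all rule in RULES stands in for the one filter rule that covers all FTP traffic, so no per-destination profile is needed to derive the SFTP target.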