With FTP-SFTP conversion, SSH Tectia ConnectSecure can automatically capture FTP connections on the client and convert them to SFTP and direct them to an SFTP server running SSH Tectia Server, SSH Tectia Server for IBM z/OS or another vendor's Secure Shell server software. The FTP-SFTP conversion requires no changes in the existing FTP scripts or applications, so end-users are not required to change the way they use their applications. However, since the FTP server will be eliminated, any post-processing task performed by it must be directed somewhere else.
The FTP-SFTP conversion feature requires the connection capture component. Select the FTP-SFTP conversion and TCP tunneling option during the installation. See the installation instructions in Chapter 2.
The FTP-SFTP conversion rules are defined in the SSH Tectia configuration GUI, or in the Connection Broker configuration file ssh-broker-config.xml, in the filter-engine element. See the section called “The filter-engine Element”.
When a global configuration file exists (for example, when SSH Tectia ConnectSecure is controlled by SSH Tectia Manager) and it includes the filter-engine element, those settings are applied. The global configuration file is located in /etc/ssh2/ssh-broker-config.xml on Unix, and "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml" on Windows.
Only if no global configuration files are available, the settings are read from the user-specific configuration file.
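The precedence described above can be checked on a client before relying on a user-level rule set. The following Python sketch is an added example, not part of SSH Tectia or of this manual. It assumes only the filter-engine element name and the global Unix path given on this page; the user-specific file path is a parameter because this page does not state it, and the sample XML inside demo() is constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

GLOBAL_UNIX = "/etc/ssh2/ssh-broker-config.xml"  # global path given on this page


def filter_engine(path):
    """Return the first filter-engine element in the file, or None."""
    root = ET.parse(path).getroot()
    if root.tag == "filter-engine":
        return root
    return root.find(".//filter-engine")


def effective_source(global_path, user_path):
    """Apply the precedence stated above and report where the rules come from.

    Returns (source, path, rule_tags); source is 'global', 'user' or 'none'.
    """
    if os.path.isfile(global_path):
        # Literal reading of the page: once a global file is available,
        # the user-specific file is not consulted, even if it has rules.
        fe = filter_engine(global_path)
        tags = [child.tag for child in fe] if fe is not None else []
        return ("global", global_path, tags)
    if user_path and os.path.isfile(user_path):
        fe = filter_engine(user_path)
        tags = [child.tag for child in fe] if fe is not None else []
        return ("user", user_path, tags)
    return ("none", None, [])


def demo():
    """Constructed files; root and rule element names are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        g = os.path.join(d, "global.xml")
        u = os.path.join(d, "user.xml")
        with open(u, "w") as f:
            f.write("<sample-root><filter-engine><sample-rule/>"
                    "</filter-engine></sample-root>")
        before = effective_source(g, u)   # no global file: user rules apply
        with open(g, "w") as f:
            f.write("<sample-root><filter-engine/></sample-root>")
        after = effective_source(g, u)    # global file now shadows user rules
        return before[0], before[2], after[0], after[2]


if __name__ == "__main__":
    print(demo())
```

A result of 'global' with an empty rule list means the user-level conversion rules are being shadowed by the global file and no rule from it is in effect.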
For configuration examples, see these sample files:
etc/ssh2/ssh-broker-config-example-capture.xml and etc/ssh2/ssh-broker-config-example.xml on Unix
"<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example-capture.xml" and "<INSTALLDIR>\SSH Tectia Broker\ssh-broker-config-example.xml" on Windows
The destination host must have a Secure Shell Server installed. Also note that the host key for the server must already be saved as a known host key on SSH Tectia ConnectSecure. To save the host key, connect to the server with sshg3 and save the host key sent by the server. For instructions, see First Login to a Remote Host.
When enabling FTP-SFTP conversion, consider also how the server host keys will be handled. You can choose between strict host key checking and accepting even unknown keys for the current session. For configuration instructions, see Managing Host Keys.
Caution: Consider carefully before enabling Accept unknown host keys. Disabling the host-key checks can make you vulnerable to a man-in-the-middle attack.
On Windows, the conversion rules can also be set with the SSH Tectia Configuration GUI on the FTP-SFTP Conversion page. See Defining Filter Rules.