On Unix, the connection capture component performing the transparent
FTP tunneling is installed from a separate installation package
ssh-tectia-capture
. For installation instructions,
see Chapter 2.
The transparent FTP tunneling activation requires defining the
filter rules for transparent FTP tunneling in the Connection Broker configuration file
ssh-broker-config.xml
and then running the
ssh-capture command.
The following example shows the minimum settings required in the
ssh-broker-config.xml
file:
<filter-engine> <rule ip-address=".*" ports=".*" action="FTP-TUNNEL" hostname-from-app="YES" username-from-app="YES" fallback-to-plain="NO" /> </filter-engine>
With this configuration, all connections will be tunneled to the destination Secure Shell servers using transparent FTP tunneling. The host name and the user name received from the originating FTP application are used. Falling back to plaintext mode is not done, so if the secure connection fails, the connection is closed.
You can also use a connection profile to define the target Secure Shell server, and then refer to the profile in the filter rule settings, as in the following example:
<profiles> <profile name="paper" id="id1" host="sshserver.example.com" port="22" user=""> </profile> </profiles> <filter-engine> <rule ports=".*" action="FTP-TUNNEL" profile-id="id1" username-from-app="YES" fallback-to-plain="NO" /> </filter-engine>
Notice that when the rule setting username-from-app="YES"
is used, no specific user name must be defined in the connection profile settings
(user=""
). The user name received from the application overrides the
user names given in the connection profile.
After the Connection Broker configuration enables transparent FTP tunneling,
you can start a tunneled FTP session, for example to
ftp.example.org
, by running the following command:
$ ssh-capture ftp ftp.example.org