On Unix, the connection capture component performing the SFTP conversion is installed from a separate installation package, ssh-tectia-capture.
For installation instructions, see Chapter 2.
On Unix, activating FTP-SFTP conversion requires defining the filter rules for SFTP conversion in the Connection Broker configuration and then running the ssh-capture command.
The FTP-SFTP conversion settings are defined in the Connection Broker configuration file. The following example configuration converts any FTP connections to port 21 on any host to SFTP. The user name and the destination host name are taken from the application that initiates the connection.
<filter-engine>
  <rule application=".*"
        host=".*"
        ip-address=".*"
        ports="21"
        action="FTP-PROXY"
        hostname-from-app="yes"
        username-from-app="yes" />
</filter-engine>
With the above configuration, you can start an FTP session, for example to the host ftp.example.org, with FTP-SFTP conversion enabled by running the following command:
$ ssh-capture ftp ftp.example.org
To start a bash shell session with FTP-SFTP conversion enabled for all commands, run the following command:
$ ssh-capture bash
Note that there are limitations on capturing suid applications. For more information, see the Note about capture restrictions.
In addition, if the target SFTP server is configured to send a banner to the client, the Connection Broker can forward the SFTP server banner to the FTP client if the rule contains the following line:
show-sftp-server-banner="yes"
For example:
<filter-engine>
  <rule application=".*"
        host=".*"
        ip-address=".*"
        ports="21"
        action="FTP-PROXY"
        hostname-from-app="yes"
        username-from-app="yes"
        show-sftp-server-banner="yes" />
</filter-engine>
If a connection profile is used in the FTP-SFTP conversion, you must create a filter rule that specifies the connection profile to use, and make sure that show-sftp-server-banner="yes" is included in the rule.
Note: Make sure that you have enabled showing the server banner (server-banners visible="yes") in the default connection settings of the Connection Broker configuration, or in the connection profile in use if the default settings are not used.

Note: Sending the SFTP server banner to the FTP client causes an extra connection to be opened to the target SFTP server to retrieve the banner message.
In case of a failure in retrieving the banner message from the target SFTP server, the banner that Connection Broker forwards to the FTP client includes an error description, a default banner, and the following text:
Can't fetch banner from SFTP Server
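To see which FTP connections a rule set would actually convert, and which would stay plain FTP, the following added Python example (not part of the product or its documentation) evaluates the banner-forwarding rule above against sample connections. It assumes first-match rule order, whole-string pattern matching, and a comma-separated ports list with optional ranges; find_rule, port_in_spec and check_connection are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the banner-forwarding rule shown on this page.
SAMPLE_CONFIG = """
<filter-engine>
  <rule application=".*" host=".*" ip-address=".*" ports="21"
        action="FTP-PROXY" hostname-from-app="yes"
        username-from-app="yes" show-sftp-server-banner="yes" />
</filter-engine>
"""

def port_in_spec(port, spec):
    # Assumption: "ports" is a comma-separated list of ports or a-b ranges.
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def find_rule(config_xml, application, host, ip, port):
    """Return the first rule matching the connection, or None."""
    fields = (("application", application), ("host", host), ("ip-address", ip))
    for rule in ET.fromstring(config_xml).iter("rule"):
        # Assumption: each pattern must match the whole value, and a
        # missing pattern attribute is treated as ".*".
        if all(re.fullmatch(rule.get(k, ".*"), v) for k, v in fields) \
                and port_in_spec(port, rule.get("ports", "")):
            return rule
    return None

def check_connection(config_xml, application, host, ip, port):
    """Report whether a connection is converted to SFTP and whether the
    banner is forwarded (which costs one extra connection to the server)."""
    rule = find_rule(config_xml, application, host, ip, port)
    converted = rule is not None and rule.get("action") == "FTP-PROXY"
    return {
        "converted": converted,
        "banner_forwarded": converted
        and rule.get("show-sftp-server-banner") == "yes",
    }

if __name__ == "__main__":
    # Port 21 is converted; an FTP service on port 2121 is not covered.
    for port in (21, 2121):
        print(port, check_connection(SAMPLE_CONFIG, "ftp",
                                     "ftp.example.org", "192.0.2.10", port))
```

With the sample rule, only connections to port 21 are converted, so FTP services on other ports need their own rule to avoid being left unencrypted.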