Tunneling FTP in Passive Mode 
 
 
 In passive mode, the FTP client sends the command PASV to the server, which reacts
by opening a listener port for the data channel and sending the IP address and port
number of the listener as a reply to the client. The reply is of the form 227 Entering
Passive Mode (10,1,60,99,6,12).
 When the Secure Shell client notices the reply to the PASV command, it
creates a local port forwarding to the destination mentioned in the reply.
The client then rewrites the IP address and port in the reply to point to
the listener of the newly created local port forwarding (which always
listens on a localhost address, 127.0.0.1) and passes the reply to the FTP
client. The FTP client opens a data channel based on the reply, which tunnels
the data through the Secure Shell connection to the listener the FTP server
has opened. The net effect is that the data channel is secure all the way,
except for the leg from the Secure Shell server to the FTP server if they are
on different machines. This sequence of events takes place automatically for
every data channel.
 Since the tunnel is opened to a localhost address, the FTP client must run
on the same machine as the Secure Shell client if passive mode is used.
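
The reply handling described above, as an added example that is not part of the original documentation or of any Secure Shell client's own code: it parses a 227 reply, computes the data port as p1*256+p2, and rewrites the reply to point at a local forwarding listener. The function names and the local port 50021 are assumptions made for illustration.

```python
import re

# A 227 reply carries six decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
# The parenthesized form matches the reply format shown on this page.
_PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv_reply(line):
    """Return (ip, port) announced by a 227 reply, or None if it is not one."""
    m = _PASV_RE.match(line)
    if m is None:
        return None
    fields = [int(f) for f in m.group(1).split(",")]
    port = fields[4] * 256 + fields[5]
    if any(f > 255 for f in fields) or port == 0:
        return None  # malformed reply: do not create a forwarding for it
    return ".".join(str(f) for f in fields[:4]), port


def rewrite_pasv_reply(line, local_port):
    """Point a 227 reply at the local forwarding listener on 127.0.0.1.

    Returns (line_for_ftp_client, forward_destination). Any other line is
    passed through unchanged with a destination of None.
    """
    dest = parse_pasv_reply(line)
    if dest is None:
        return line, None
    if not 0 < local_port < 65536:
        raise ValueError("local_port out of range")
    eol = line[len(line.rstrip("\r\n")):]  # keep the original CRLF, if any
    rewritten = "227 Entering Passive Mode (127,0,0,1,%d,%d)%s" % (
        local_port >> 8, local_port & 0xFF, eol)
    return rewritten, dest


if __name__ == "__main__":
    # Constructed input: the reply from the text plus an unrelated reply.
    for reply in ("227 Entering Passive Mode (10,1,60,99,6,12)\r\n",
                  "230 User logged in\r\n"):
        print(rewrite_pasv_reply(reply, 50021))
```

The returned destination is what the local port forwarding would be opened to; the rewritten line is what the FTP client sees.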