Suppose you are sitting inside a LAN and want to ftp over SSH to an FTP
server residing in another LAN, and both networks have firewalls in
between. So on the local LAN, you open up both inbound and outbound port
22 for ssh, and with a proxy-based firewall or a stateful inspecting
firewall, you open up ftp. Otherwise, with a packet-filtering firewall, you
open inbound and outbound port 21 for the FTP command channel and open a
range of ports (1024 and up) for outbound ports, which would automatically
include ftp's dynamic and transient ports for data channels. It's much
tougher to set up at the remote LAN with a packet-filtering firewall.
You open up inbound and outbound port 22 (ssh), port 21 (ftp command channel),
optionally port 20 (ftp data channel listening port), and a range of inbound
ports (1024 and up). Some FTP servers let you specify the range of data
ports, so you can limit it to ports 5000 to 5005 so as to relieve your
packet-filtering firewall's security concern. However, with a proxy-based or
stateful inspecting firewall, you just need to open up ftp. The
disadvantage of proxy-based firewalls is that they are resource hogs.
That's why the industry trend is to go with stateful inspecting firewalls
like Checkpoint's firewalls. Linux has some open source stateful inspecting
firewalls. Those who know, please shed more light on the Linux open
source firewalls. I am using a tiny Linux firewall called coyote (not
really a stateful inspecting one). It has run for two years now without any
glitch (except for some power outages).
Just my 5 cents.
-----Original Message----
From: Alex Yantifovich [mailto:alex@b-swing.com]
Sent: Friday, January 24, 2003 12:25 PM
To: ssh-l@erdelynet.com
Subject: RE: FTP over SSH
What ports do I need open on the firewall to be able to FTP over SSH, other
than port 22?
-----Original Message-----
From: ssh-l-admin@erdelynet.com [mailto:ssh-l-admin@erdelynet.com]On Behalf
Of Carl
Sent: Thursday, January 23, 2003 7:01 PM
To: ssh-l@erdelynet.com
Subject: Re: FTP over SSH
WinSCP is just convenient in that it gives you a Windows Explorer-like
interface where you can drag and drop to up/download files. I'm not sure
about the support but it works quite well and is fairly straightforward to
use. No need to launch the shell first.
OpenSSH with FTP works well also and has the added advantage (for me) of
letting me use file access defined in my FTP server, with the slight
disadvantage of having to launch the SSH (plink or whatever).
I think they both have their use depending on the situation. Also, like
many things, the one you learn first might be the one you tend to like.
Carl
----- Original Message -----
From: Greg Paik <mailto:gpaik@smithandhawken.com>
To: 'ssh-l@erdelynet.com' <mailto:'ssh-l@erdelynet.com'>
Sent: Thursday, January 23, 2003 5:30 PM
Subject: RE: FTP over SSH
I was under the impression that development on WinSCP is gone now in favor of
Cygwin and OpenSSH.
Greg
Received on Fri Jan 24 14:13:13 2003
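The two firewall behaviours contrasted in the first message of this thread, as an added example that is not part of any poster's message: a static packet filter with the data range pinned to 5000 to 5005, next to a stateful filter that reads the FTP 227 (passive mode) reply and opens only the negotiated port. The addresses, names and sample reply are constructed, and the model assumes the firewall sees the control channel in cleartext, which it cannot do when that channel is carried inside an SSH tunnel.

```python
import re

# Static policy from the message: ssh, ftp command, pinned data range 5000-5005.
STATIC_INBOUND = {21, 22} | set(range(5000, 5006))
# Constructed sample reply; the last two numbers encode port 19*256 + 137 = 5001.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,19,137)"
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) announced in an FTP 227 reply, or None if malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def static_allows(dport):
    """Stateless filter: the decision depends only on the destination port."""
    return dport in STATIC_INBOUND


class StatefulFilter:
    """Hypothetical model: one pinhole per 227 reply seen on the control channel."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.pinholes = set()  # (client_ip, port) pairs expected to connect

    def see_control_reply(self, client_ip, reply):
        parsed = parse_pasv(reply)
        # Ignore replies that point the data channel at some other host.
        if parsed and parsed[0] == self.server_ip:
            self.pinholes.add((client_ip, parsed[1]))

    def allows(self, client_ip, dport):
        if dport in (21, 22):
            return True
        if (client_ip, dport) in self.pinholes:
            self.pinholes.remove((client_ip, dport))  # single use
            return True
        return False
```

The static filter accepts any source on any of the six data ports at all times, while the stateful model accepts one connection, from the client that negotiated it, on the one port the server announced.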