Computer A (assumed that ip is 44.44.44.44)can ftp the host 130.89.148.12.
ftp 130.89.148.12
Connected to 130.89.148.12.
220 ftp.debian.org FTP server
Name (130.89.148.12:debian8): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Computer B (my local pc) can not ftp the host 130.89.148.12.
Let's build a ssh tunnel with ssh command this way:
ssh -L -f -N localhost:2121:130.89.148.12:21 root@44.44.44.44
The ssh tunnel between my local pc and Computer A (44.44.44.44) was connected after password to login into 44.44.44.44.
Then to input the command on my local pc console:
ftp localhost:2121
ftp: localhost:2121: Name or service not known
What is the matter with my ssh tunnel?
Think to chexum, the right ftp command is ftp localhost 2121
But new problem.
Best Answer
Your approach is not taking in account that contrary to other common protocols, FTP uses both port 20 and port 21 over TCP by default.
The term passive refers that the protocol is slightly better behaved than the initial implementations.
Here is a link:
http://www.slacksite.com/other/ftp.html
Port 20/TCP is used for data, and port 21/TCP for commands.
In Unix, also privileged ports < 1024, only can be bound by root.
So either you do:
This way you do not give any extra port, and only use it with
or if you do not have root:
and then use:
From man ftp http://linux.die.net/man/1/ftp
-p passive mode
-P port
or if with a version of
ftp
that does not support-P
(Debian 9/Ubuntu 16.04):I will also leave a link to "SSH tunnels local and remote port forwarding explained"
http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
Lastly, I would advise on not using root in the remote system for ssh connections. root is a very powerful account, and should only be reserved for system administration.
Furthermore, in many modern Linuxes ssh remote login as root comes disabled by default.
Why is root login via SSH so bad that everyone advises to disable it?