SSH – Why doesn’t FTP work through the ssh tunnel?


Computer A (assume its IP is 44.44.44.44) can ftp the host 130.89.148.12.

ftp 130.89.148.12
Connected to 130.89.148.12.
220 ftp.debian.org FTP server
Name (130.89.148.12:debian8): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Computer B (my local PC) cannot ftp the host 130.89.148.12.
Let's build an SSH tunnel with the ssh command this way:

ssh -f -N -L localhost:2121:130.89.148.12:21 root@44.44.44.44

The SSH tunnel between my local PC and Computer A (44.44.44.44) was established after I entered the password to log in to 44.44.44.44.
Then I entered this command on my local PC console:

ftp  localhost:2121
ftp: localhost:2121: Name or service not known

What is the matter with my ssh tunnel?

Thanks to chexum, the right ftp command is ftp localhost 2121
But there is a new problem.

Best Answer

Your approach does not take into account that, contrary to other common protocols, FTP uses both port 20 and port 21 over TCP by default.

The term passive refers to the protocol being slightly better behaved than the initial implementations.

Here is a link:

http://www.slacksite.com/other/ftp.html

Port 20/TCP is used for data, and port 21/TCP for commands.

Also, in Unix, privileged ports (< 1024) can only be bound by root.

So either you do:

sudo ssh -f -N -L 20:130.89.148.12:20 -L 21:130.89.148.12:21 user@44.44.44.44

This way you do not give any extra port, and only use it with

ftp -p localhost

or if you do not have root:

ssh -f -N -L 2120:130.89.148.12:20 -L 2121:130.89.148.12:21 user@44.44.44.44

and then use:

ftp -p -P 2121 localhost 

From man ftp http://linux.die.net/man/1/ftp

-p passive mode
-P port

or, with a version of ftp that does not support -P (Debian 9/Ubuntu 16.04):

ftp -p localhost 2121

I will also leave a link to "SSH tunnels local and remote port forwarding explained"

http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html

Lastly, I would advise against using root in the remote system for ssh connections. root is a very powerful account, and should only be reserved for system administration.

Furthermore, in many modern Linuxes ssh remote login as root comes disabled by default.

Why is root login via SSH so bad that everyone advises to disable it?
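
Added example (not part of the original question or answer): in passive mode the server names the data endpoint in its 227 (PASV) or 229 (EPSV) reply, so the code below parses such a reply and reports whether the resulting data connection would enter any of the given -L forwards. The two sample replies and port 50000 are constructed, and `data_endpoint`, `parse_forward` and `data_path` are hypothetical helper names.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1"}
# Constructed sample replies (port 50000 is an assumption, not from the page).
PASV = "227 Entering Passive Mode (130,89,148,12,195,80)."
EPSV = "229 Entering Extended Passive Mode (|||50000|)"

def data_endpoint(reply, control_host):
    """Return the (host, port) a client dials for the data channel."""
    m = re.match(r"227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", reply)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            raise ValueError("field out of range in 227 reply")
        # RFC 959: four address octets, then port = p1 * 256 + p2
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    m = re.match(r"229 .*?\((.)\1\1(\d+)\1\)", reply)
    if m and 0 < int(m.group(2)) < 65536:
        # RFC 2428: only a port is sent; the host is the control-connection host
        return control_host, int(m.group(2))
    raise ValueError("not a usable 227/229 reply")

def parse_forward(spec):
    """Parse an ssh -L spec '[bind:]lport:host:hostport' (no IPv6 brackets)."""
    left, host, hostport = spec.rsplit(":", 2)
    bind, _, lport = left.rpartition(":")
    return (bind or "localhost", int(lport)), (host, int(hostport))

def data_path(reply, control_host, forwards):
    """Say whether the data connection would enter one of the -L forwards."""
    host, port = data_endpoint(reply, control_host)
    for (bind, lport), remote in map(parse_forward, forwards):
        if host in LOOPBACK and bind in LOOPBACK and lport == port:
            return host, port, "tunnelled to %s:%d" % remote
    return host, port, "not covered by any -L forward"

if __name__ == "__main__":
    forwards = ["2120:130.89.148.12:20", "2121:130.89.148.12:21"]
    for reply in (PASV, EPSV):
        print(data_path(reply, "localhost", forwards))
    print(data_path(EPSV, "localhost", forwards + ["50000:130.89.148.12:50000"]))
```

Some FTP clients ignore the address in a 227 reply and reuse the control-connection host; for those, the 229 branch describes the behaviour.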
