Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Enabling FTP-SFTP Conversion (Unix)

On Unix, the connection capture component performing the SFTP conversion is installed from a separate installation package ssh-tectia-capture. For installation instructions, see Chapter 2.

On Unix, the FTP-SFTP conversion activation requires defining the filter rules for SFTP conversion in the Connection Broker configuration and then running the ssh-capture command.

The FTP-SFTP conversion settings are defined in the Connection Broker configuration file. The following example configuration converts any FTP connections to port 21 on any host to SFTP, and allows falling back to plain text transfer mode in case the secure connection cannot be established. The user name and the destination host name are taken from the application that initiates the connection.

    <rule application=".*"
          fallback-to-plain="yes" />

With the above configuration, you can start an FTP session for example to host address with FTP-SFTP conversion enabled by running the following command:

$ ssh-capture ftp

The SSH Tectia ConnectSecure has an option to allow plaintext FTP used if the secure SFTP connection cannot be established. You can enable fallback to plaintext FTP in the configuration file as shown above and then by adding option -F or --fallback to the command:

$ ssh-capture -F ftp

When allowing fallback to plaintext with setting fallback-to-plain="yes", always specify the port unambiquously in the configuration. Otherwise, the connection to a plaintext FTP server may fail in passive mode file transfer.

To start a bash shell session with FTP-SFTP conversion enabled for all commands, run the following command:

$ ssh-capture bash

Note that there are limitations on capturing suid applications. For more information, see the Note about capture restrictions.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now