SSH.COM is one of the most trusted brands in cyber security. We help enterprises and agencies solve the security challenges of digital transformation with innovative access management solutions.
On Unix, the connection capture component performing the transparent
FTP tunneling is installed from a separate installation package
ssh-tectia-capture. For installation instructions,
see Chapter 2.
The transparent FTP tunneling activation requires defining the
filter rules for transparent FTP tunneling in the Connection Broker configuration file
ssh-broker-config.xml and then running the
The following example shows the minimum settings required in the
<filter-engine> <rule ip-address=".*" ports=".*" action="FTP-TUNNEL" hostname-from-app="YES" username-from-app="YES" fallback-to-plain="NO" /> </filter-engine>
With this configuration, all connections will be tunneled to the destination Secure Shell servers using transparent FTP tunneling. The host name and the user name received from the originating FTP application are used. Falling back to plaintext mode is not done, so if the secure connection fails, the connection is closed.
You can also use a connection profile to define the target Secure Shell server, and then refer to the profile in the filter rule settings, as in the following example:
<profiles> <profile name="paper" id="id1" host="sshserver.example.com" port="22" user=""> </profile> </profiles> <filter-engine> <rule ports=".*" action="FTP-TUNNEL" profile-id="id1" username-from-app="YES" fallback-to-plain="NO" /> </filter-engine>
Notice that when the rule setting
is used, no specific user name must be defined in the connection profile settings
user=""). The user name received from the application overrides the
user names given in the connection profile.
After the Connection Broker configuration enables transparent FTP tunneling,
you can start a tunneled FTP session, for example to
ftp.example.org, by running the following command:
$ ssh-capture ftp ftp.example.org