SSH Tectia

Enabling Transparent FTP Tunneling (Unix)

On Unix, the connection capture component performing the transparent FTP tunneling is installed from a separate installation package ssh-tectia-capture. For installation instructions, see Chapter 2.

To activate transparent FTP tunneling, define the filter rules for it in the Connection Broker configuration file ssh-broker-config.xml and then run the ssh-capture command.

The following example shows the minimum settings required in the ssh-broker-config.xml file:

<filter-engine>
    <rule  ip-address=".*"
           ports=".*"
           action="FTP-TUNNEL"
           hostname-from-app="YES"
           username-from-app="YES"
           fallback-to-plain="NO" />
</filter-engine>

With this configuration, all connections are tunneled to the destination Secure Shell servers using transparent FTP tunneling. The host name and the user name received from the originating FTP application are used. Because fallback to plaintext mode is disabled, the connection is closed if the secure connection fails.

You can also use a connection profile to define the target Secure Shell server, and then refer to the profile in the filter rule settings, as in the following example:

<profiles>
  <profile name="paper"
           id="id1"
           host="sshserver.example.com"
           port="22"
           user="">
  </profile>
</profiles>
               
<filter-engine>
    <rule  ports=".*"
           action="FTP-TUNNEL"
           profile-id="id1"
           username-from-app="YES"
           fallback-to-plain="NO" />
</filter-engine>

Notice that when the rule setting username-from-app="YES" is used, no specific user name must be defined in the connection profile settings (user=""). The user name received from the application overrides the user names given in the connection profile.
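Before rolling out a configuration like the ones above, the filter rules can be checked for settings that would let FTP traffic leave the tunnel. The following script is an added example, not part of the SSH Tectia documentation or tooling. It assumes that a fallback-to-plain value other than "NO" allows plaintext fallback and treats a missing attribute as a finding because the default is not stated here. The function name, the sample rules, and the `<root>` wrapper element are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the profile shown above, one rule taken from the page,
# one rule with fallback-to-plain="YES" (assumed value), and one rule that
# omits the attribute and points at a profile id that does not exist.
SAMPLE = """
<root>
  <profiles>
    <profile name="paper" id="id1" host="sshserver.example.com" port="22" user="" />
  </profiles>
  <filter-engine>
    <rule ports=".*" action="FTP-TUNNEL" profile-id="id1"
          username-from-app="YES" fallback-to-plain="NO" />
    <rule ip-address=".*" ports=".*" action="FTP-TUNNEL" hostname-from-app="YES"
          username-from-app="YES" fallback-to-plain="YES" />
    <rule ports=".*" action="FTP-TUNNEL" profile-id="id9" username-from-app="YES" />
  </filter-engine>
</root>
"""

def audit_ftp_tunnel_rules(xml_text):
    """Return (rule_number, message) findings for FTP-TUNNEL filter rules."""
    root = ET.fromstring(xml_text)
    profiles = {p.get("id"): p for p in root.iter("profile")}
    findings = []
    for n, rule in enumerate(root.iter("rule"), start=1):
        if rule.get("action", "").upper() != "FTP-TUNNEL":
            continue
        fallback = rule.get("fallback-to-plain")
        if fallback is None:
            findings.append((n, "fallback-to-plain not set; state NO explicitly"))
        elif fallback.upper() != "NO":
            findings.append((n, "fallback-to-plain=%s, plaintext fallback not disabled" % fallback))
        pid = rule.get("profile-id")
        if pid is None:
            continue
        if pid not in profiles:
            findings.append((n, "profile-id %s matches no profile" % pid))
        elif rule.get("username-from-app", "").upper() == "YES" and profiles[pid].get("user"):
            # The application's user name overrides the profile's, so a
            # non-empty user= in the profile is misleading.
            findings.append((n, "profile %s sets user, overridden by username-from-app" % pid))
    return findings

if __name__ == "__main__":
    for number, message in audit_ftp_tunnel_rules(SAMPLE):
        print("rule %d: %s" % (number, message))
```

To check a real file, pass the contents of ssh-broker-config.xml to audit_ftp_tunnel_rules(); the function searches for rule and profile elements at any depth, so the surrounding document structure does not matter.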

After the Connection Broker configuration enables transparent FTP tunneling, you can start a tunneled FTP session, for example to ftp.example.org, by running the following command:

$ ssh-capture ftp ftp.example.org


 

 