Transparent FTP tunneling is an extension to the local tunneling mechanism. In transparent FTP tunneling, SSH Tectia ConnectSecure monitors the tunneled FTP control channel and dynamically creates new tunnels for the data channels as they are requested.
Transparent FTP tunneling is completely transparent from the user's point of view, and no changes are needed in the FTP configuration. The existing FTP client and FTP server are kept running.
Transparent FTP tunneling only supports tunneling the FTP protocol, not any other applications. For tunneling of TCP-based applications, use the transparent TCP tunneling functionality, see Transparent TCP Tunneling.
The destination host must have a Secure Shell Server installed. Also note that the host key for the server must already be saved as a known host key. To save the host key, connect to the server with
sshg3 and save the host key sent by the server. For instructions, see First Login to a Remote Host.
When enabling transparent FTP tunneling, consider also how the server host keys will be handled. You can choose between strict host key checking and accepting even unknown keys for the current session. For configuration instructions, see Managing Host Keys.
Consider carefully before enabling Accept unknown host keys. Disabling the host-key checks can make you vulnerable to a man-in-the-middle attack.
When a global configuration file exists, (for example when SSH Tectia ConnectSecure is controlled by SSH Tectia Manager,) and it includes the
filter-engine element, those settings are applied. The global configuration file is located in
/etc/ssh2/ssh-broker-config.xml on Unix, and
"C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml" on Windows.