
Principle of Transparent FTP Tunneling


Figure 5.5. Transparent FTP tunneling

The following steps happen in transparent FTP tunneling:

  1. An application, a script, or a user triggers a file transfer.

  2. The FTP client on the File Transfer Client machine starts a file transfer to the FTP server on the File Transfer Server machine.

  3. The Tectia connection capture module captures the connection before it leaves the client side. Tectia ConnectSecure checks and applies the filter rules that specify which connections to capture. The filter rules are defined in the Connection Broker configuration. Connections can be captured based on the FTP application used and the destination address and/or port.

  4. Tectia ConnectSecure can extract the user name, password, and destination host name from the secured FTP application, and use them for authentication and connection setup with the Secure Shell server.

    The Connection Broker module creates an authenticated and encrypted Secure Shell tunnel to a Secure Shell server. The user can be authenticated with the FTP user name and password, or with public keys. The Secure Shell server can be the FTP server specified in the original FTP request, or another server can be configured in the filter rules.

  5. The secure tunnel is terminated at the Secure Shell server.

  6. The Secure Shell server forwards the connection to the FTP server, and the FTP server can continue with post-processing of the transferred files. If the FTP server is located on a third host, the connection from the Secure Shell server to the FTP server will be unsecured. For this reason, it is recommended to have at least one Secure Shell server in each physically secured area, for instance in a machine room.
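
The following added example (not part of the original documentation and not Tectia's configuration syntax) models steps 3 to 6 as a small audit helper: it decides whether a connection is captured, which Secure Shell server ends the tunnel, and whether FTP traffic still crosses a network in cleartext. The rule fields, first-match ordering, and host names are assumptions made for illustration.

```python
# Added illustration: a simplified model of steps 3-6, not Tectia's rule syntax.
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass
class FilterRule:                      # hypothetical rule shape
    application: str                   # glob on the FTP client program name
    destination: str                   # glob on the destination host name
    port: Optional[int]                # None matches any port
    ssh_server: Optional[str] = None   # None: tunnel to the original FTP host

@dataclass
class Route:
    captured: bool
    ssh_server: Optional[str]
    cleartext_hop: bool                # True if FTP crosses a network unencrypted

def route(rules, application, dest_host, dest_port):
    """Classify one FTP connection. Assumption: the first matching rule wins."""
    app, host = application.lower(), dest_host.lower()
    for r in rules:
        if (fnmatchcase(app, r.application.lower())
                and fnmatchcase(host, r.destination.lower())
                and r.port in (None, dest_port)):
            ssh_server = (r.ssh_server or host).lower()
            # Step 6: the hop after the tunnel is protected only when the
            # Secure Shell server and the FTP server are the same host.
            return Route(True, ssh_server, ssh_server != host)
    # Not captured: plain FTP leaves the client, so the whole path is cleartext.
    return Route(False, None, True)

# Constructed sample rules and host names.
RULES = [
    FilterRule("ftp*", "ftp1.example.com", 21),
    FilterRule("ftp*", "*.legacy.example.com", 21,
               ssh_server="gw.legacy.example.com"),
]

if __name__ == "__main__":
    for h in ("ftp1.example.com", "old.legacy.example.com", "other.example.com"):
        print(h, route(RULES, "ftp.exe", h, 21))
```

Connections reported with `cleartext_hop=True` are the ones to review: either no rule captures them, or the tunnel ends on a host other than the FTP server and the last leg depends on the physical security of that network segment.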


 

 