Transparent FTP tunneling can be used to secure both interactive and unattended FTP sessions. It provides a quick and easy way to secure FTP file transfers without the need to change existing FTP jobs or scripts.
Transparent FTP tunneling is implemented using the SSH Tectia SOCKS Proxy component. SSH Tectia SOCKS Proxy acts as a SOCKS proxy for the FTP client application on the SSH Tectia Server for IBM z/OS host and captures FTP connections based on filter rules. The tunneling is transparent to the user and the FTP application. The only change needed in the FTP application is to change the SOCKS proxy setting to point to a localhost listener.
The SOCKS Proxy uses the hostname, username, and password information provided by the FTP client application to open an authenticated and encrypted tunnel to a Secure Shell server. Alternatively, public-key authentication can be used for opening the tunnel.
The Secure Shell server can also defined in the filter rules. In this case, the secure tunnel is terminated at the Secure Shell server and from there the FTP connection is forwarded to the FTP server unsecured.
To enable transparent FTP tunneling, you need to complete the following tasks:
Configure the SSH Tectia SOCKS proxy to listen on port 1080 on the client host and define the filter rules in the ssh-socks-proxy-config.xml configuration file. See Section Configuring SOCKS Proxy.