Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Transparent FTP Tunneling

Transparent FTP tunneling is implemented using the SSH Tectia SOCKS Proxy component. The SSH Tectia SOCKS Proxy acts as a SOCKS proxy for the FTP client application on the SSH Tectia Server for IBM z/OS host and captures FTP connections based on filter rules. The tunneling is transparent to the user and the FTP application. The only change needed in the FTP application is to change the SOCKS proxy setting to point to a localhost listener.

The principle of Transparent FTP tunneling is shown in Figure 4.6. Before starting the tunneling, the SSH Tectia SOCKS Proxy must be running and listening on the SOCKS port 1080 on the File Transfer Client host. The following steps happen during the tunneling:

  1. An application, a script, or a user triggers an FTP file transfer.

  2. The FTP client makes a SOCKS query. Instead of a real firewall, the SOCKS setting in the FTP client is set to point to the localhost SSH Tectia SOCKS Proxy.

  3. The filter rules that specify which connections to capture are defined in the SOCKS Proxy configuration. Connections can be captured based on the destination address and/or port.

  4. The SOCKS Proxy module creates an authenticated and encrypted Secure Shell tunnel to a Secure Shell server. The user is authenticated with the FTP username and password, or by using public keys. The Secure Shell server can be the FTP server specified in the original FTP request, or a server defined in the filter rules can be used.

  5. The secure tunnel is terminated at the Secure Shell server. If the FTP server is located on a third host, the connection from the Secure Shell server to the FTP server will be unsecured.

  6. The FTP server in the File Transfer Server host is the end point of the file transfer.

Transparent FTP tunneling

Figure 4.6. Transparent FTP tunneling

For a sample use case, see Transparent FTP Tunneling.

Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps