On Wed, Jun 04, 2003 at 12:53:14PM -0700, sean.upton@uniontrib.com wrote:
Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a user-preference to do passive transfers (single, client-initiated TCP control socket; there is no data connnection), which is reported to do okay through SSH TCP socket tunnels, though I have never tested this to Zope...
I have had little success using passive FTP over SSH tunnels. Perhaps I'm doing something wrong, but even passive FTP uses secondary port connections to do data transfers; I have not found any way to arrange tunneling for those secondary connections. If the firewall lets connections to ports > 1024 go through, then passive FTP over SSH tunneling can appear to work, but only the control connection is actually tunneled -- the secondary/data connections are in the clear. The user/password info is encrypted then, but not the transferred file data. -- Fred Yankowski fred@ontosys.com tel: +1.630.879.1312 OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370 www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA