RE: [Zope] FTP access and ssh-Port-Forward
Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a user-preference to do passive transfers (single, client-initiated TCP control socket; there is no data connection), which is reported to do okay through SSH TCP socket tunnels, though I have never tested this to Zope... Sean
-----Original Message-----
From: Dieter Maurer [mailto:dieter@handshake.de]
Sent: Wednesday, June 04, 2003 11:25 AM
To: Andreas Pakulat
Cc: zope@zope.org
Subject: Re: [Zope] FTP access and ssh-Port-Forward
Andreas Pakulat wrote at 2003-6-4 16:40 +0200:
I've got a problem with Zope on a Solaris system. I can access the ftp-Port from within the LAN (being either there or using ssh to connect to a server in the LAN) but not using a port forward for it. I can however use http-Portforwarding over ssh, but ftp-Portforwarding only gives me the possibility to login, the ls command "hangs" at entering Passive Mode. If I turn off passive mode I get error 425 Cant build data connection.
Has somebody a solution how to get ssh-forwarded ftp Access to Zope?
FTP is a very difficult protocol with respect to forwarding and FireWalls. That's because FTP uses two connections, a command connection and a data connection. The latter is created on demand. It is very difficult to forward the data connection.
Workarounds:
Transfer your data from outside into your LAN (e.g. via "scp") and then use a LAN FTP connection to Zope.
Use WebDAV to directly transfer the content into Zope.
Use "load_site.py" to import content (and something symmetrically for the reverse direction).
Dieter
On Wed, Jun 04, 2003 at 12:53:14PM -0700, sean.upton@uniontrib.com wrote:
Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a user-preference to do passive transfers (single, client-initiated TCP control socket; there is no data connection),
Sure there is, it's just set up on a port chosen by the server instead of chosen by the client.
which is reported to do okay through SSH TCP socket tunnels, though I have never tested this to Zope...
I have not been able to get it to work through our firewall, and some preliminary research is not encouraging: I get the feeling it may not be possible through a firewall.
-- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's THE JONIC MORTGAGE! (random hero from isometric.spaceninja.com)
On 04.Jun 2003 - 12:53:14, sean.upton@uniontrib.com wrote:
Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a user-preference to do passive transfers (single, client-initiated TCP control socket; there is no data connection), which is reported to do okay through SSH TCP socket tunnels, though I have never tested this to Zope...
Do you know how to do that with gFTP? I did not find something like that? Andreas -- Cheer Up! Things are getting worse at a slower rate.
On Wed, Jun 04, 2003 at 12:53:14PM -0700, sean.upton@uniontrib.com wrote:
Most FTP clients (WS_FTP, Fetch, etc), though, support persisting a user-preference to do passive transfers (single, client-initiated TCP control socket; there is no data connection), which is reported to do okay through SSH TCP socket tunnels, though I have never tested this to Zope...
I have had little success using passive FTP over SSH tunnels. Perhaps I'm doing something wrong, but even passive FTP uses secondary port connections to do data transfers; I have not found any way to arrange tunneling for those secondary connections. If the firewall lets connections to ports > 1024 go through, then passive FTP over SSH tunneling can appear to work, but only the control connection is actually tunneled -- the secondary/data connections are in the clear. The user/password info is encrypted then, but not the transferred file data.
-- Fred Yankowski fred@ontosys.com tel: +1.630.879.1312 OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370 www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
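Added illustration, not part of any poster's message: the sketch below reads the address field that FTP exchanges on the control connection (the 227 reply in passive mode, the PORT command in active mode) and reports who opens the data connection and whether it lands on an ssh -L listener. The forward, the host names zopehost and gateway, and the sample lines are constructed assumptions.

```python
import re

# RFC 959 address field "h1,h2,h3,h4,p1,p2", used by PORT and by the 227 reply.
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample values, not taken from the thread.
# Hypothetical forward: ssh -L 8021:zopehost:8021 gateway
FORWARDS = {("127.0.0.1", 8021)}
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
PORT_COMMAND = "PORT 10,0,0,5,4,1"


def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ...' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    # The port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line, forwards):
    """Describe the data connection that one control-channel line sets up.

    forwards is the set of (ip, port) listeners that ssh -L opened locally.
    """
    target = parse_hostport(line)
    if line.lstrip().upper().startswith("PORT"):
        # Active mode: the server dials the address the client advertised.
        # A local (-L) forward only carries connections opened by the client.
        return {"opener": "server", "target": target, "tunneled": False}
    # Passive mode: the client dials the address the server advertised,
    # which is the server's own address unless something rewrites the reply.
    return {"opener": "client", "target": target, "tunneled": target in forwards}


if __name__ == "__main__":
    for line in (PASV_REPLY, PORT_COMMAND):
        print(line, "->", data_connection(line, FORWARDS))
```

In the passive case the client is told to dial 192.168.1.10:50000 directly, so the transfer either hangs when that address is unreachable from outside or travels outside the SSH tunnel when it is reachable.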
participants (4): Andreas Pakulat, Fred Yankowski, Paul Winkler, sean.upton@uniontrib.com