Tue, 17 Apr 2007, by harrismh777@earthlink.net:
On Tuesday 17 April 2007 17:02, Matthew Stringer wrote:
> What I'm hoping to achieve is to create a bastion host box that allows SSH connections from anywhere, I can then create users on that box who'll be able to create an SSH tunnel to the FTP machines.

I have not run ftp or telnet in production for years.
... the ssh tunnel is ok, but you could try scp instead of ftp.
In your situation you might try passive ftp... but either way it's not the best. From the looks of things the passive connection back is not working. Standard ftp requires two sockets... one to make the connection (commands) and the other to transmit the data... looks like the data socket isn't authorized or is failing for some other reason. Are the boxes behind a firewall on a 192.168 network using NAT (masquerading)? FTP does not masquerade well without the ftp fix.
But back to my first point... really, IMHO you would do well to try scp. I move files on my systems (even to the outside) exclusively with scp... it's the secure copy that ships with ssh.... can be compressed, encrypted, and frankly is more flexible than FTP IMO.
If scp or sFTP would only support virtual users. I'd like to offer users on the FTP server I maintain scp/sFTP, but setting up chroot/scponly is just too much hassle compared to the simple vsftp virtual user setup.

Theo
--
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E.  +  ICQ: 277217131
SUSE 10.2                   +  Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.18               +  See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
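
Added example (not part of the original thread): the two-socket problem described above can be checked from a captured control-channel line. This sketch decodes the host/port tuple in a `PORT` command or a `227` passive reply and reports why the data connection would fail through NAT or a single-port SSH forward. The sample lines, addresses and the `diagnose` helper are constructed for illustration.

```python
import ipaddress
import re

# h1..h4 are the IPv4 octets and p1,p2 the port bytes (RFC 959 PORT/PASV encoding).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# Constructed sample control-channel lines.
SAMPLE_PASV = "227 Entering Passive Mode (192,168,1,10,195,80)"
SAMPLE_PORT = "PORT 10,0,0,7,4,1"


def parse_hostport(line):
    """Return (ip, port) announced for the data connection in a PORT or 227 line."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(line, control_peer, forwarded_ports=(21,)):
    """List reasons the announced data connection may not be reachable.

    control_peer: address the client used for the control connection.
    forwarded_ports: ports carried by the tunnel or opened in the firewall (assumed).
    """
    ip, port = parse_hostport(line)
    problems = []
    if ip != ipaddress.IPv4Address(control_peer):
        # is_private covers RFC 1918 and other non-global ranges.
        kind = "non-public (NAT did not rewrite it)" if ip.is_private else "different"
        problems.append("data address %s is %s; control peer is %s" % (ip, kind, control_peer))
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded or opened" % port)
    return ip, port, problems


if __name__ == "__main__":
    # Client reached the server via a public address; only port 21 is passed through.
    for problem in diagnose(SAMPLE_PASV, "203.0.113.5")[2]:
        print(problem)
```
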