
ssh port forwarding


Karen A Swanberg

May 24, 2001, 11:59:24 AM
Has anyone successfully used the default ftpd in 2.8 with MacSSH (or other
free telnet/ssh program for the Mac) to ssh tunnel your fetch (ftp)
session to the OpenBSD server? This is using ssh2.

I posted a fairly lengthy explanation for what I'm trying to do, and how
I've gone about doing it, to mi...@openbsd.org on May 22, and haven't
gotten any responses. I would be happy to forward it to anyone here who
hasn't seen it over there.

I am currently trying to get the F-secure client to do it, but haven't had
any luck with that either, but I notice that the F-secure client has sftp,
so if I can't get MacSSH to work, I'll go beg and scrape for the money to
buy the F-secure client for the dept.

Sincerely,

-Karen

* *
Karen Swanberg |
Network Admin. | GNUmusk, an
Dept. of Geology/Geophysics | opensource cologne
206 Pillsbury Hall |
310 Pillsbury Ave. SE | Old geeks never die
University of Mn | They just revert
Minneapolis, MN 55455 | to cleartext
(612) 624-6541 |
* *

Karen A Swanberg

May 24, 2001, 6:32:18 PM
> for this example, let's say the ftp server is 192.168.1.1 and the client is
> 192.168.1.32.
>
> Instead of modifying /etc/rc.conf, leave it as is (ftpd_flags=NO) and use
> the following line in /etc/inetd.conf (you need inetd running):
>
> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -llUSP
>
> make sure there's only one (uncommented) entry for ftp. Unless you have LOTS
> of clients, this is probably preferable to the standalone method.

All this has now been done.

>
> Then,
> * make sure hosts.allow & hosts.deny are empty (for now)

Yikes! Ok, done.

> * set your MacSSH forwarding to the real IP address = 192.168.1.32, not
> 127.0.0.1.

Do you have MacSSH? Where should I do this? There are three places to set
IP addresses:

On the General tab, Host:

On the SSH tab, which looks like this:

Local Port: Remote Host: Remote Port:
21 X.X.X.1 21

In Fetch, as Host:


> * set up fetch to connect to the IP address of the Mac connecting to the FTP
> server = 192.168.1.32, not 127.0.0.1
> * don't use passive mode, it won't work.

Okay, so we have three variables:

In MacSSH-

General: Host
-which I'll call "Gen:" below

SSH2: Remote Host
-which I'll call "SSH:" below

In Fetch:
Host:
-which I'll call "Fetch:" below.

In Fetch, 127.0.0.1 and Localhost are acting the same (well, duh) and I'll
also put in the server and client IPs. Server = .1 client = .32

These are all of the combinations of these:

Gen:  SSH:  Fetch:  Errors on client:            Errors on Server:

.1    .32   127     Error: failed to open        sshd:[] error: connect
                    tcpip channel exception:     x.x.x.32 port 21: failed
                    refused by peer.

.1    .32   .32     connection refused           N/A

.32   .1    127     lsh: connection refused      N/A
                    (errno=61)

(it's trying to connect to the ftpd on the mac, not forwarding)

.1    .1    127     server response: can't       ftpd:[900] FTP Login from
                    build data directory: no     epidote as swanberg
                    such file or directory.

(So I get logged in here successfully across FTP, but I can't see
anything, can't do anything and can't send files. I can navigate the
directory structure, though, if I type it in manually).

.1    .1    .32     connection refused           N/A

.1    .32   127.    "Error: failed to open
                    tcpip channel exception:
                    refused by peer."

I can't think of what I might be missing on the Mac side. Remember, this
works when I do it to an irix or Sun box, with:

.1 .1 127


So I'm fairly convinced it's something to do with ftpd, and how it's set
up.

thanks
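
Added example, not part of the original posts: FTP opens a separate data connection for listings and transfers, to the address and port carried in the PORT command (active mode) or the 227 reply (passive mode), so a forward of port 21 alone carries only the control channel, which is consistent with the ".1 .1 127" row that logs in but cannot list. The Python below parses that field and reports whether the announced data connection would pass through a local forward; the function names and sample lines are constructed, and it assumes a single local forward listening on 127.0.0.1:21 as in the SSH tab above.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (four address octets, two port octets).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 passive reply."""
    m = HOSTPORT.search(line)
    if m is None:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def data_channel(line, forwards):
    """Describe the data connection announced by one control-channel line.

    forwards: set of (listen_ip, listen_port) local forward listeners opened
    by the SSH client, e.g. {("127.0.0.1", 21)} (assumed setup, see lead-in).
    """
    ip, port = parse_hostport(line)
    active = line.lstrip().upper().startswith("PORT")
    # Active: the server dials the client, so a local forward never carries it.
    # Passive: the client dials ip:port, tunnelled only if that is a listener.
    tunnelled = (not active) and (str(ip), port) in forwards
    return {
        "mode": "active" if active else "passive",
        "opened_by": "server" if active else "client",
        "endpoint": "%s:%d" % (ip, port),
        "loopback": ip.is_loopback,  # in active mode the server would dial itself
        "tunnelled": tunnelled,
    }


if __name__ == "__main__":
    forwards = {("127.0.0.1", 21)}  # only the control port is forwarded
    samples = [  # constructed control-channel lines, not captured traffic
        "PORT 127,0,0,1,192,1",
        "227 Entering Passive Mode (192,168,1,1,195,80)",
    ]
    for s in samples:
        print(s, "->", data_channel(s, forwards))
```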
