SSH Reference Manual
Using the SSH client to create an FTP port forwarding daemon
To tunnel FTP connections through a SSH connection, the SSH implementation must apply additional logic to ensure
that the data port is also encrypted. The following example shows the encryption of an FTP connection between two
NonStop systems by tunneling it over an SSH session.
The example is based on the following assumptions:
• An SSH2 daemon is installed on the remote NonStop system with Port forwarding allowed. That requires the
parameter ALLOWTCPFORWARDING
to be set to true.
• The IP address on the remote NonStop system is 10.0.0.198. FTPSERV is configured through PORTCONF to
take connections coming in on port 21 on that IP stack
• A guardian user named COMF.TB exists on the remote system
Starting FTP port forwarding on the client system
The following command will start a FTP port forwarding daemon on the client system
$TB TBSSH79 16> run ssh -S $TBS79 -N -L ftp/2121:127.0.0.1:21 comf.tb@10.0.0.198
SSH client version T9999H06_22Jan2014_comForte_SSH_0097
You have no private keys in the key store.
Trying password authentication.
Enter comf.tb@10.0.0.198's password:
The client will not be active before the password is given at the prompt. The port forwarding client listens for incoming
connections on port 2121. 127.0.0.1:21 is the IP address/port of FTPSERV on the remote system from the perspective of
the remote NonStop host. The “ftp/” string after the –L tells the SSH client to use additional FTP forwarding logic.
Connecting to the port forwarding client with a FTP client
The following command sequence will direct local FTP traffic to the port forwarding daemon and in effect create an
encrypted FTP session between the two systems:
$TB TBSSH79 2> ftp 127.0.0.1 2121
FTP Client - T9552J01 - (30MAR2012) - COPYRIGHT TANDEM COMPUTERS INCORPORATED 2012
Connecting to 127.0.0.1.........Established.
220 NPS762A FTP SERVER T9552G07 (Version 3.x TANDEM 30NOV2005) ready.
Name (127.0.0.1:user): comf.tb
331 Password required for COMF.TB.
Password:
230 User COMF.TB logged in. OSS API enabled
ftp> dir
200 command successful
150 Opening data connection for /bin/ls (127.0.0.1,4519d) (0 bytes).
total 9662
drwxrwxrwx 1 COMF.TB COMF 4096 Jun 25 13:08 .
drwxrwxr-x 1 SUPER.SUPER SUPER 4096 Jul 03 20:43 ..
-rw------- 1 COMF.TB COMF 5430 May 08 16:40 .bash_history
-rw-rw-rw- 1 COMF.TB COMF 1714 Sep 16 2004 .bashrc
-rw-rw-rw- 1 COMF.TB COMF 3480 Aug 29 2007 .exrc
-rwxrwxrwx 1 COMF.TB COMF 141 Jan 06 2008 .profile
-rw------- 1 COMF.TB COMF 569 Jan 03 2007 .profile_fh
-rw------- 1 COMF.TB COMF 1100 May 08 16:40 .sh_history
drwx------ 1 COMF.TB COMF 4096 Nov 02 2004 .ssh
-rw------- 1 COMF.TB COMF 3116 Jan 08 2008 .viminfo
-rw-rw-rw- 1 COMF.TB SUPER 15 Oct 20 2004 .vimrc
-rwxrwxrwx 1 COMF.TB COMF 15000 Oct 24 2007 a.out
-rw-rw-rw- 1 SUPER.SUPER SUPER 2722667 Aug 29 2007 abc
drwxrwxrwx 1 SUPER.SUPER SUPER 4096 Oct 13 2004 bashtest
-rw-rw-rw- 1 COMF.TB COMF 699 Oct 24 2007 block.c
-rwxr-xr-x 1 COMF.TB COMF 27064 Jun 25 13:08 file0,0,1,1,1
-rwxrwxrwx 1 COMF.TB COMF 244 Oct 24 2007 fixmore
drwxrwxrwx 1 COMF.TB COMF 4096 Apr 25 2006 gnumisc
drwxrwxrwx 1 COMF.TB COMF 4096 Jan 08 2008 hertz
-r-xr-xr-x 1 SUPER.SUPER SUPER 389152 Mar 03 2005 ls
-rwxrwxrwx 1 COMF.TB COMF 128 Mar 28 06:35 rc0071
226 • SSH and SFTP Client Reference HP NonStop SSH Reference Manual