I recently put my web pages on another ISP in Toronto. Since I live in Georgia, my local ISP is quite a few hops away from my ISP in Toronto, and there are a lot of computers I don't trust between me and my new web host. So I use ssh to connect to them, and I would use scp (a secure replacement for rcp that's usually bundled with ssh) to copy my files to and from their service. Unfortunately, for reasons unexplained, they don't have scp (secure copy, a part of the SSH package) installed. So I decided to use port forwarding to use FTP to connect to them. In this case, it was a bit easier to do it as a user rather than as root:
giles@tesla$ ssh -C shell.eol.ca -L 2121:ftp.eol.ca:21 giles@shell.eol.ca's password: Warning: Remote host denied X11 forwarding, perhaps xauth program could not be run on the server side. giles@eol$ |
Note the warning: you will see something like that when X11 forwarding is turned off. Now, in another window, I do something like this:
giles@tesla$ $ ftp localhost 2121 Connected to localhost. 220 babbage.echo-on.net FTP server (BSDI Version 7.00LS) ready. Name (localhost:giles): giles 331 Password required for giles. Password: 230 User giles logged in, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> |
As soon as you issue that ftp command you'll see a message in your other window that's connected to the remote machine:
giles@eol$ fwd connect from 127.0.0.1 to local port sshdfwd-2121 |
At this point, it looks like everything is cool and you're in business. But ...
ftp> ls 200 PORT command successful. 425 Can't build data connection: Connection refused. ftp> |
The problem is that FTP spawns connections on other ports by default to take care of the work. Since the other ports aren't forwarded, it tends to get confused. This is the biggest "gotcha" I've found so far in SSH port forwarding, it took quite a while to figure this out.
So I issue the following command:
ftp> passive Passive mode on. ftp> ls 227 Entering Passive Mode (205,189,151,4,203,122) 150 Opening ASCII mode data connection for '/bin/ls'. total 134 ... |
If you're using a GUI client, you may need to do some digging to figure out how to convince it to switch to passive mode. My preferred client these days is lftp, and I found out by digging through the man page that what I needed to do was this:
giles@tesla$ lftp -p 2121 -u giles localhost Password: LFTP giles@tesla:~ > set ftp:passive-mode on |
It would also be relatively easy to put a setting in your ~/.lftp/rc file so that all connections to local host were in passive mode by default.
Another way to establish the same connection would be to use the following command line:
ssh -f -C -L 2121:ftp.eol.ca:21 shell.eol.ca "sleep 30" |
There are only two differences here: the "-f" flag and the command "sleep 30" added on the end. "-f" requests ssh go to background after authentication is done and forwardings have been established. This will get you your terminal back, and "sleep 30" allows you enough time to set up a connection with ftp to keep the forwarding alive. It will die when you disconnect.