EldoS | Feel safer!

Software components for data protection, secure storage and transfer

FTP & SSH

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#35902
Posted: 02/16/2016 10:44:22
by Martin Lapierre (Basic support level)
Joined: 02/16/2016
Posts: 2

Hi

I need to setup a SSh tunnel over FTP. SFTP and the like cannot be used.

We support Delphi 5 code and use SBB 11. The setup is simple, a windows workstation and a regular FTP server.

I used a TSSHForwarding component to create a local forwarding tunnel on the client and made localhost port 3005 to 21 tunnel

This works fine for the command part and i can log in to the server

For the data part, i created another tunnel after the PASV reply using the specified port. This works, if I use telnet to recuperate what I requested, but the delphi ftpclient component will freeze and disconect.

I do not understand usedynamicportforwarding : It does not take care of this part. I need a good example, or some help to finish this project

thank you
#35903
Posted: 02/16/2016 10:53:54
by Ken Ivanov (EldoS Corp.)

Hi Martin,

Thank you for contacting us. We will surely help you.

Could you please attach your license ticket to your eldos.com account to upgrade your technical support level up to Standard?

Ken
#35904
Posted: 02/16/2016 11:12:30
by Martin Lapierre (Basic support level)
Joined: 02/16/2016
Posts: 2

What is a license ticket, i still have the license key used to install ?

Im sorry for the dumb question
#35905
Posted: 02/16/2016 11:33:30
by Ken Ivanov (EldoS Corp.)

Martin,

The registration letter you've received when you purchased SBB should contain your personal license ticket, which is a short string of numbers (e.g. 99882374298134). That's what you are looking for.

If you can't find your registration letter, please create a ticket in Helpdesk, specifying the 'Ordered license has not been received' category, and our customer care team will help you to recover it.

Thanks,

Ken
#35907
Posted: 02/16/2016 14:05:27
by Andre Paradis (Standard support level)
Joined: 02/14/2013
Posts: 31

Hi Ken

turns out our company already has a account for your product so i logged on with it !

now can you help me ?
#35908
Posted: 02/16/2016 14:31:46
by Ken Ivanov (EldoS Corp.)

Hi Martin,

Thank you, everything's fine now.

Your Delphi application is likely to be disconnecting when trying to set up the data channel because it receives the original host in the PASV response. In order to make the things work, you need to alter the PASV response on the fly to make it contain the IP address of your SSH listener.

For example, assume that the server sends you the following line in response to your FTP application's PASV command:

227 Entering Passive Mode (67,89,01,23,195,149).

Besides opening port 50069 locally, you also need to alter the first four elements for them to match your SSH listener's address, e.g.

227 Entering Passive Mode (127,0,0,1,195,149).


SecureBlackbox-native TElSimpleFTPSClient component contains the AutoAdjustPasvAddress property that allows to ignore the IP address provided by the server in its response to the PASV command, and use the address that the control socket is connected to instead. If the component you are using is TElSimpleFTPSClient, tuning it up with AutoAdjustPasvAddress would be an easier solution rather than altering the PASV reply on the fly in the forwarding components.

Ken
#35909
Posted: 02/16/2016 14:56:06
by Andre Paradis (Standard support level)
Joined: 02/14/2013
Posts: 31

If when i get the response 227 Entering Passive Mode (67,89,01,23,195,149). I create a tunnel with the correct ports before processing the next response, would it work ?
#35910
Posted: 02/16/2016 15:13:01
by Ken Ivanov (EldoS Corp.)

If you use TElSimpleFTPSClient as your FTP client and set its AutoAdjustPasvAddress property to true, it will.

In all other scenarios, it won't, as you would also need to alter the host part of the response (the 67,89,01,23 bit).

Ken
#35911
Posted: 02/16/2016 15:19:24
by Andre Paradis (Standard support level)
Joined: 02/14/2013
Posts: 31

The only possible protocol is FTP and SSH !

Can your EISimpleFTPSClient connect to a regular ftp server
#35912
Posted: 02/16/2016 16:28:08
by Eugene Mayevski (EldoS Corp.)

Quote
Andre Paradis wrote:
Can your EISimpleFTPSClient connect to a regular ftp server


Yes, it can. The connection itself is not a problem. Tunneling FTP over SSH, however, requires special tricks and with existing TElSimpleFTPSClient it won't be possible. The reason was mentioned above -- you need to change the address that the server sends in response to PASV command. The current code does not let you do this (change the address). We could probably add a hook to the component, so that you would be able to dynamically establish an SSH tunnel for a data channel, and substitute the address. However, development of such hook and extension of the component is possible only as a custom service, for a fee.


Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 5317 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!