Your best friend for file transfer.
Fetch
Fetch acSSH tunnel (8 posts)
- Started 20 years ago by guest
- Latest reply 20 years ago from Jim Matthews
-
guest Registered Member
-
Jim Matthews Administrator
Could you choose "Fetch Transcript" from the Window menu and post the contents after seeing that error? I'd like to see the information there.
Thanks,
Jim Matthews
Fetch Softworks -
guest Registered Member
At the suggestion of someone on the PureFTPd mailing list, I tried turning on FXP transfers and it still didn't work. Here are the transcripts from 4 sessions. The first two are with FXP on and passive on and off. The second are with FXP off and passive on and off.
Any help would be appreciated.
-----FXP ON, Passive OFF-----
Connecting to localhost port 21 (11/13/03 3:46:03 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 15:46. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. USER jserio 331 User jserio OK. Password required PASS
230-User jserio has group access to: secwww www jserio
230-This server supports FXP transfers
230 OK. Current directory is /home/jserio
SYST
215 UNIX Type: L8
PWD
257 "/home/jserio" is your current location
PWD
257 "/home/jserio" is your current location
PORT 129,219,92,229,195,110
200-FXP transfer: from 127.0.0.1 to 129.219.92.229
200 PORT command successful
LIST
425 Could not open data connection to port 50030: Invalid argument
ftp_list: -30000
NOOP
200 Zzz...
----------FXP ON, Passive ON-----
Connecting to localhost port 21 (11/13/03 3:49:12 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 15:49. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. USER jserio 331 User jserio OK. Password required PASS
230-User jserio has group access to: secwww www jserio
230-This server supports FXP transfers
230 OK. Current directory is /home/jserio
SYST
215 UNIX Type: L8
PWD
257 "/home/jserio" is your current location
PWD
257 "/home/jserio" is your current location
PASV
227 Entering Passive Mode (127,0,0,1,195,204)
ftp_list: -3260
----------FXP OFF, Passive ON-----
Connecting to localhost port 21 (11/13/03 3:50:52 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 15:50. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. USER jserio 331 User jserio OK. Password required PASS
230-User jserio has group access to: secwww www jserio
230 OK. Current directory is /home/jserio
SYST
215 UNIX Type: L8
PWD
257 "/home/jserio" is your current location
PWD
257 "/home/jserio" is your current location
PASV
227 Entering Passive Mode (127,0,0,1,195,184)
ftp_list: -3260
----------FXP OFF, PASSIVE OFF-----
Connecting to localhost port 21 (11/13/03 3:52:15 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 15:52. Server port: 21. 220-This is a private system - No anonymous login 220 You will be disconnected after 15 minutes of inactivity. USER jserio 331 User jserio OK. Password required PASS
230-User jserio has group access to: secwww www jserio
230 OK. Current directory is /home/jserio
SYST
215 UNIX Type: L8
PWD
257 "/home/jserio" is your current location
PWD
257 "/home/jserio" is your current location
PORT 129,219,92,229,195,87
500 I won't open a connection to 129.219.92.229 (only to 127.0.0.1)
ftp_list: -30000
----- -
Jim Matthews Administrator
You definitely want FXP on if you are using SSH tunneling. I would think you'd want PASV on as well, but this exchange from the FXP on, PASV on transcript is puzzling:
PASV
227 Entering Passive Mode (127,0,0,1,195,204)The server is saying "Connect to me at 127.0.0.1, port 50709". But 127.0.0.1 is the loopback address -- that's telling your Mac to connect back to itself, which doesn't make any sense. The server should be giving its own address. When Fetch follows that instruction it gets a connection refused error (-3260).
In the FXP on, PASV off case we see:
PORT 129,219,92,229,195,110
200-FXP transfer: from 127.0.0.1 to 129.219.92.229
200 PORT command successful
LIST
425 Could not open data connection to port 50030: Invalid argumentFetch tells the server to connect to 129.219.92.229, port 50030, but the server says it can't; I'm not sure why.
What hostname or IP address do you make your SSH tunnel to? Is 129.219.92.229 the correct address for your Mac?
You mention that a Windows FTP client can use this tunnel; do you have a transcript of its commands? Do you know whether it's using PASV?
Thanks,
Jim Matthews
Fetch Softworks -
guest Registered Member
Here's the log from WS_FTP. Note that WS_FTP works fine with or without FXP turned on at the server:
-----FXP OFF-----
WINSOCK.DLL: WinSock 2.0
WS_FTP LE 5.08 2000.01.13, Copyright © 1992-2000 Ipswitch, Inc.
- -
connecting to 127.0.0.1:4000
Connected to 127.0.0.1 port 4000
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 09:59. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
USER jserio
331 User jserio OK. Password required
PASS (hidden)
230-User jserio has group access to: secwww www jserio
230 OK. Current directory is /home/jserio
PWD
257 "/home/jserio" is your current location
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PASV
227 Entering Passive Mode (127,0,0,1,195,82)
connecting to 127.0.0.1:50002
- -
connecting to 127.0.0.1:50002
Connected to 127.0.0.1 port 50002
LIST
150 Accepted data connection
Received 980 bytes in 0.1 secs, (75.00 Kbps), transfer succeeded
226-Options: -a -l
226 15 matches total
----------FXP ON-----
WINSOCK.DLL: WinSock 2.0
WS_FTP LE 5.08 2000.01.13, Copyright © 1992-2000 Ipswitch, Inc.
- -
connecting to 127.0.0.1:4000
Connected to 127.0.0.1 port 4000
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 10:04. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
USER jserio
331 User jserio OK. Password required
PASS (hidden)
230-User jserio has group access to: secwww www jserio
230-This server supports FXP transfers
230 OK. Current directory is /home/jserio
PWD
257 "/home/jserio" is your current location
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PASV
227 Entering Passive Mode (127,0,0,1,196,82)
connecting to 127.0.0.1:50258
- -
connecting to 127.0.0.1:50258
Connected to 127.0.0.1 port 50258
LIST
150 Accepted data connection
Received 980 bytes in 0.2 secs, (47.37 Kbps), transfer succeeded
226-Options: -a -l
226 15 matches total
-----<i>The server is saying "Connect to me at 127.0.0.1, port 50709". But 127.0.0.1 is the loopback address -- that's telling your Mac to connect back to itself, which doesn't make any sense.</i>
I see what you mean here, but ssh is tunneling all requests on 127.0.0.1 to the server, but only on port 21. Maybe this is the issue? Looking at the transcripts above for WS_FTP, you can see it happily connects fine to 127.0.0.1:50XXX just fine. The only difference I see betwene the Mac and Win is that the SSH client on windows has an option in the tunnel for "ftp". Maybe it properly handles the additional ports?
-
Jim Matthews Administrator
Yes, I think the Windows SSH program is providing an additional tunnel for the data connection. MacSSH does not do that. I'm still not sure why the server gives you the loopback address in the response to the PASV command. It's as if it knows about or expects the second tunnel, and that's puzzling. Do you know the name of the Windows SSH program?
Thanks,
Jim Matthews
Fetch Softworks -
guest Registered Member
The Widnows program is SSH 3.3.2 (ssh.com). So am I pretty much out of luck then?
-
Jim Matthews Administrator
Yes, as far as I can tell you're out of luck. We are working on integrating SSH support into Fetch, but that work is not ready for release.
Thanks,
Jim Matthews
Fetch Softworks
- Page 1
Topic closed
This topic has been closed.
I've tried both Fetch 3.03 and 4.03. Here's the problem.
On a Windows box, I can get an ftp-over-ssh tunnel working flawlessly. The ftp server (PureFTPD running on Linux) is setup to only respond to requests from it's local IP (127.0.0.1) and the passive port range is 50000-50400. I set up a ssh tunnel using MacSSH and forward local port 4000 to port 21 on the ftp server. After logging in to and activating the mirror, fetch can connect to "localhost" just fine but it receives a "Connection Refused" when trying to get a directory listing. Turning on "Passive" and setting the port range in Fetch to 50000-50400 gives me another error "Server will not accept connections from XXX.XXX.XXX.XXX:50340. Will only accept from 127.0.0.1"
It seems to me that either Fetch or MacSSH is not properly tunneling throught the tunnel. Somehow the FTP client sees the connection as coming from the clint IP as opposed to 127.0.0.1 and it refuses the connection.
Anyone have any ideas on this?
Jim
Posted 20 years ago #