Date: Sun, 30 Dec 2001 20:02:03 -0500 (EST) From: Scott Nolde <scott@smnolde.com> To: Jon Drukman <jsd@cluttered.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: ftp over ssh - problems Message-ID: <20011230200030.L239-100000@bsd.smnolde.com> In-Reply-To: <4.3.2.7.2.20011230144925.00c54890@10.10.10.1>
next in thread | previous in thread | raw e-mail | index | archive | help
smacked into the keyboard previously by owner-freebsd-questions@FreeBSD.ORG: >Date: Sun, 30 Dec 2001 14:56:22 -0800 >From: Jon Drukman <jsd@cluttered.com> >To: freebsd-questions@FreeBSD.ORG >Subject: ftp over ssh - problems > >there are still many reasons i need to use ftp, unfortunately. i use >ftp-over-ssh to make it as secure as possible, but i have run into problems >with recent freebsd installs. it seems that passive mode sends 127.0.0.1 >instead of the host's public ip address. this means that the ftp client >tries to connect to a port on localhost that won't be listening in order to >list the files. connection refused. > >the session looks something like this: > >220 jsd.com FTP server (Version wu-2.6.2(2) Fri Dec 28 12:21:04 PST 2001) >ready. >USER jsd >331 Password required for jsd. >PASS (hidden) >230 User jsd logged in. >PWD >257 "/home/jsd" is current directory. >Host type (I): UNIX (standard) >PASV >227 Entering Passive Mode (127,0,0,1,32,74) >connecting to 127.0.0.1:8266 >- - >connecting to 127.0.0.1 ... >can't connect to 127.0.0.1 - connection refused >connect: connection refused >PORT 127,0,0,1,5,7 >200 PORT command successful. >LIST >425 Can't build data connection: Connection refused. > > >i tried with the default ftpd that comes with FBSD 4 and wu-ftpd, same >behavior. > >here's what a successful transaction looks like (the host in question is >running solaris 2.7). note how the PASV command returns the remote >machine's IP and not 127.0.0.1. any ideas on why freebsd would behave >differently, and more importantly, how to fix it? > >Connected to 127.0.0.1 port 21 >220 sss FTP server (SunOS 5.6) ready. >USER jsd >331 Password required for jsd. >PASS (hidden) >230 User jsd logged in. >PWD >257 "/export/home/jsd" is current directory. >Host type (I): UNIX (standard) >PASV >227 Entering Passive Mode (206,132,131,3,167,119) >connecting to 206.132.131.3:42871 >- - >connecting to 206.132.131.3 ... >Connected to 206.132.131.3 port 42871 >LIST >150 ASCII data connection for /bin/ls (64.2.58.24,1290) (0 bytes). >Received 2352 bytes in 0.2 secs, (91.29 Kbps), transfer succeeded >226 ASCII Transfer complete. > >-jsd- > To make the connection as secure as possible, why not use scp or sftp? The entire session would be encrypted, not just the user/passwd. Scott Nolde GPG Key 0xD869AB48 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011230200030.L239-100000>