Great SSH-FTP login issues

emhag677

Registered
Hello, I hope you can help me out. I have been browsing the internet like crazy trying to figure this out.
What I want to do is connect my PBG4 at work to my iMac at home, connected via AEBS and a DSL-modem. I want to make a secure connection. I have been able to make a connection with SFTP by using Fugu, forwarding port 22 on my AEBS to my iMac. I have made public and private keys. But SFTP can only transfer files and not folders with files inside. I believe that what I want is to use FTP wrapped in SSH. SCP is a possibility but I don't like (no good at) using the terminal. I have made a ssh tunnel from my PB to the iMac with Fugu. But then when I start the FTP client I can't connect.

Setup:
iMac: Remote login enabled. ftp is not (should it be? if so, is that not a vulnerable thing?)
PB: ssh tunnel from 1025 (on the PB) to port 22 (on the iMac). Remote host and "create tunnel to" is the same ip-no - correct? FTP client set-up to connect to 127.0.0.1 or localhost. The last doesn't work.

How do I do it? Thanks for your help!
 
My setup is a little different. I use SSHAgent to manage my tunnel and authentication and when I want to mount a disk remotely I can simply use AFP, which enables drag 'n drop with folders etc. However, when connecting I do not just connect to localhost, but to a specific local port.
Perhaps, I have misunderstood your problem, but how can you make a Tunnel directly from one machine to the other? Isn't that simply a direct SSH connection? I use a Tunnel to connect to an otherwise unreachable machine _via another server_. Otherwise I am not sure a Tunnel would be the best/most practical solution.

Using the terminal isn't that difficult: you can use SFTP (FTP via SSH) to up- and download folders quite easily. Basic commands are:

(upload) put path/local_file path/remote_file
(download) get path/remote_file path/local_file

Remember that you can drag and drop a file or folder onto your terminal window, which will give you the path/filename.

AFAIK you don't even need FTP as you can use scp within SSH to copy files (not sure about this).
 
Hi Cat,
thanks for your reply. I would like to drag and drop, how exactly is your set-up for AFP? Which ports do you use, what services do you enable on the host? Remote login? I would appreciate exact ports!
I don't know if it is a ssh tunnel, but Fugu says that a "ssh tunnel is up" between my two machines. Actually, since I still haven't got this working yet I am still working on my home LAN. Does this make a difference, a ssh tunnel vs a ssh connection?

Emil
 
Well, I am on shaky ground here, as I too just followed step by step instructions ... Anyway, I set up authentication through keypairs, like you. I want to be able to mount my personal diskspace, a folder, at my faculty. This disk is not accessible from the outside, but another server (the webserver) is. So basically I can log into the webserver and then connect through the webserver to my folder. AFAIK that is why it is called a tunnel: my home machine makes a SSH tunnel through the webserver to the remote, unreachable server. I use SSHAgent to manage my connection and my settings are as follows:

local port 1548
user@tunnel.host:22
remote.host:548

Then I connect with Cmd-K to localhost:1548 which mounts the remote host (my folder on my faculty's server). Then I can drag 'n drop.

However, I think this is not what you need, as your two computers are directly connected to the internet, so you can connect directly one to the other with ssh or ftp. Using Fugu or Transmit or some other FTP program or GUI should enable you fine to drag and drop entire folders directly. FTP is not much more vulnerable than any other service you run on your machines, it mostly depends on how secure your passwords are and what services are running on a port and with what privileges. AFAIK a quite secure option is to create a special (heavily restricted) user account just for FTP. Any potential cracker damage would then be limited to that account.
 
Ok, I think I understand the difference between a tunnel and direct SSH connection between computers. The way you connect via SSH and AFP anyway seems like a good way to do it. But then, again, do you have any suggestions for the services I have to run on the host? AFP and/or remote login? Why didn't you believe AFP and SSH would do the trick? Also, in Fugu, if I want to copy folders, Fugu prompts me to use the scp instead so folder copy over SFTP doesn't work properly.

Is this setup how I should do it (iMac = my home computer)?

local port 1548
user@iMac.host:22
iMac.host:548

A lot of questions, but a very (for me) difficult topic. Thanks
Emil
 
I'm not sure if I can help you there, as I too have simply tried to follow step by step instructions. My settings are appropriate for my situation, I'm not sure whether you should use the same. I am connecting to a server, running OS X Server, I am not the admin of that machine, so I got instructions on what settings to use, I didn't have to enable services on my part at all.

The remote server in my case has AFP enabled, but only for the local LAN, it is inaccessible from the outside. The intermediate Tunnel host is visible from the outside and accessible through SSH. So in this case I log in with SSH to the tunnel host and then I am in fact on the LAN and can access the AFP in a secure way. You could try to achieve a similar setup, I think, by enabling AFP access, which should be Personal File Sharing, but only for your LAN, and then trying to access your LAN through SSH. AFAIK this should be quite secure. The only problem is that I don't know how to translate that exactly to your case, as you don't have a LAN with a router that you can SSH into, but just one computer ...

These two pages [one] and [two] were of great help to me.

If Fugu doesn't do the trick, perhaps you could use another SFTP capable program, I'm sure there are lots of them (Transmit, Interarchy). Depending on what exactly it is you want to do, once you have a working SSH tunnel or connection, you might even decide to use something like rsync or a backup utility.
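
The three tunnel fields quoted in this thread (local port, `user@tunnel.host:22`, `remote.host:548`) map onto a single OpenSSH `-L` forward. The script below is an added example, not part of any post: it assumes the stock OpenSSH client, uses the thread's placeholder hostnames, and only prints the command rather than connecting.

```shell
#!/bin/sh
# Added example: build the OpenSSH command equivalent to the three
# tunnel fields from the thread. Hostnames are the thread's placeholders.

# valid_port PORT -> exit status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT USER@GATEWAY:SSH_PORT TARGET_HOST:TARGET_PORT
# Prints the ssh command line; does not open any connection.
tunnel_cmd() {
    lport=$1
    gw=${2%:*}          # user@tunnel.host
    gw_port=${2##*:}    # 22
    thost=${3%:*}       # remote.host
    tport=${3##*:}      # 548

    for p in "$lport" "$gw_port" "$tport"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    # Ports below 1024 need root to bind locally, hence 1548 rather than 548.
    [ "$lport" -ge 1024 ] || { echo "local port must be >= 1024" >&2; return 1; }

    # 127.0.0.1: bind the listener so only this machine can use the forward.
    # -N: no remote shell, forwarding only.
    # ExitOnForwardFailure: exit instead of running without the forward.
    printf 'ssh -N -o ExitOnForwardFailure=yes -p %s -L 127.0.0.1:%s:%s:%s %s\n' \
        "$gw_port" "$lport" "$thost" "$tport" "$gw"
}

# Via an intermediate SSH host, as in the SSHAgent settings above.
tunnel_cmd 1548 user@tunnel.host:22 remote.host:548
# Single directly reachable machine: gateway and target are the same host.
tunnel_cmd 1548 user@iMac.host:22 localhost:548
```

With `-L` the target name is resolved on the gateway's side, so `localhost:548` in the second call means the AFP port on the machine you logged into, and only SSH (port 22) has to be reachable from outside.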
 