RE: ssh

[James Crotinger]

[I added pooma-dev to this list in case anyone else out there has an idea on this. I'm trying to figure out how to tunnel ftp through ssh from my local machine to nirvana.acl.lanl.gov. It is non-trivial because we have to tunnel through portal.lanl.gov and because Proximation has no machines on the internet except for the web server, which only accepts vpn and http connections.]

Given this, I tried the obvious thing:

$ ssh -l jac -t -L21:localhost:33225 \
                -L20:localhost:33226 \
                 portal.lanl.gov \
            ssh -L33225:nirvana.acl.lanl.gov:21 \
                -L33226:nirvana.acl.lanl.gov:20 \
                 nirvana.acl.lanl.gov

This should forward the ftp control connection and the ftp data connection (21 and 20). I then tried "ftp localhost" and did get connected to nirvana. I could do "cd .ssh" and it said that worked. But when I tried to do anything involving data, it failed, saying

  425 Can't build data connection: Connection refused.

I tried a couple of numbers for the intermediate proxy port, but it didn't make any difference. (I don't know where we're supposed to get these numbers - Stephen mentions an algorithm for deducing them from you're z-number, but doesn't recall what it is.) I'm guessing that nirvana isn't using 20 for the ftp data connection, but then what is it?

Anyone have any experience with this?

  Jim

> -----Original Message-----
> From: Stephen A Smith [mailto:address@hidden]
> Sent: Wednesday, September 05, 2001 7:42 PM
> To: address@hidden
> Subject: ssh
>
>
> All I found was a note I sent to Bill about using cvs and mail through
> portal.
> I seem to remember ftp being easy somehow, that portal
> supported it.  It
> might
> have been that I said ftp to portal.lanl.gov, and it logged
> you in with
> the passphrase
> and then let you connect to another machine.  Anyway, here's
> what I did
> for
> cvs and mail:
>
>
> For mail, I was doing
>
> ssh -L 1110:localhost:33224 portal.lanl.gov ssh -L
> 33224:localhost:110 \
>
> cic-mail
>
> (and telling netscape to use localhost:1110)
>
> for cvs, I was doing
>
> ssh -t -L2401:localhost:33225 portal.lanl.gov ssh \
> -L33225:blueserver.acl.lanl.gov:2401 tbp.acl.lanl.gov
>
> and
>
> cvs -d :pserver:address@hidden:/usr/local/pooma/framework
>
> (They had some algorithm based on your ICN number that let you pick
> ports
> that no one else would use.)
>
>     Stephen
>
>