You can configure Reflection for Secure IT to forward FTP communications through the Secure Shell tunnel. FTP forwarding supports both active and passive mode transfers.
Advantages of using FTP forwarding include:
You can continue to use FTP applications. All communications (including the FTP command channel and all data channels) are securely encrypted between the Secure Shell client and the Secure Shell server.
If the Secure Shell server and the FTP server run on the same computer, only the Secure Shell port (22) has to be opened in the firewall. Without tunneling, FTP communications require opening the FTP port (21) and a wide range of non-privileged ports for passive mode transfers.
The FTP client computer doesn't require any open ports in the firewall for active mode transfers.
Depending on your hardware resources, forwarding FTP connections using Secure Shell channels may lead to some variations in the transfer speeds when compared to plain FTP connections. If the network is faster than the CPU, tunneling FTP may result in slower transfer because of the encryption process. If the network is slower than the CPU, enabling Secure Shell compression may increase transfer rates.
Local FTP Forwarding
To forward FTP communications from a port used by a local FTP client to a remote FTP server, add the prefix "ftp/" before the local listening port.
In the following example, FTP communications sent from an FTP client (on the same computer as the Secure Shell client) are forwarded to an FTP server running on myhost.com. With this configuration, you would configure the FTP client to connect to localhost:2121.
ssh -L ftp/2121:myhost.com:21 user@myhost.com
-or-
LocalForward=ftp/2121:myhost.com:21
NOTE:The FTP client must be on the same server as the Reflection for Secure IT client. You can configure local FTP forwarding to an FTP server on a different host than the Reflection for Secure IT server, but in that case data is unencrypted in transit from the Reflection for Secure IT server to the FTP server.
Remote FTP Forwarding
To forward FTP communications from a port used by a remote FTP client to a local FTP server, add the prefix "ftp/" before the remote listening port.
In the following example, FTP communications sent from an FTP client (on the same computer as the Secure Shell server) are forwarded to an FTP server (on the same computer as the Secure Shell client). With this configuration, you would configure the FTP client to connect to port 3333.
ssh -R ftp/3333:localhost:21 user@myhost.com
-or-
RemoteForward=ftp/3333:localhost:21
NOTE:The FTP server must be on the same host as the Reflection for Secure IT client and the FTP client must be on the same host as the Reflection for Secure IT server.