ssh

James Crotinger JimC at proximation.com
Thu Sep 6 22:14:56 UTC 2001


[I added pooma-dev to this list in case anyone else out there has an idea on
this. I'm trying to figure out how to tunnel ftp through ssh from my local
machine to nirvana.acl.lanl.gov. It is non-trivial because we have to tunnel
through portal.lanl.gov and because Proximation has no machines on the
internet except for the web server, which only accepts vpn and http
connections.]

Given this, I tried the obvious thing:

$ ssh -l jac -t -L21:localhost:33225 \
                -L20:localhost:33226 \
                 portal.lanl.gov \
            ssh -L33225:nirvana.acl.lanl.gov:21 \
                -L33226:nirvana.acl.lanl.gov:20 \
                 nirvana.acl.lanl.gov

This should forward the ftp control connection and the ftp data connection
(21 and 20). I then tried "ftp localhost" and did get connected to nirvana.
I could do "cd .ssh" and it said that worked. But when I tried to do
anything involving data, it failed, saying 

  425 Can't build data connection: Connection refused.

I tried a couple of numbers for the intermediate proxy port, but it didn't
make any difference. (I don't know where we're supposed to get these numbers
- Stephen mentions an algorithm for deducing them from your z-number, but
doesn't recall what it is.) I'm guessing that nirvana isn't using 20 for the
ftp data connection, but then what is it?

Anyone have any experience with this? 

  Jim


> -----Original Message-----
> From: Stephen A Smith [mailto:sasmith at cybermesa.com]
> Sent: Wednesday, September 05, 2001 7:42 PM
> To: jimc at proximation.com
> Subject: ssh
> 
> 
> All I found was a note I sent to Bill about using cvs and mail through
> portal. I seem to remember ftp being easy somehow, that portal supported
> it. It might have been that I said ftp to portal.lanl.gov, and it logged
> you in with the passphrase and then let you connect to another machine.
> Anyway, here's what I did for cvs and mail:
> 
> 
> For mail, I was doing
> 
> ssh -L 1110:localhost:33224 portal.lanl.gov ssh -L 33224:localhost:110 \
>     cic-mail
> 
> (and telling netscape to use localhost:1110)
> 
> for cvs, I was doing
> 
> ssh -t -L2401:localhost:33225 portal.lanl.gov ssh \
> -L33225:blueserver.acl.lanl.gov:2401 tbp.acl.lanl.gov
> 
> and
> 
> cvs -d :pserver:sa_smith@localhost:/usr/local/pooma/framework
> 
> (They had some algorithm based on your ICN number that let you pick
> ports that no one else would use.)
> 
>     Stephen
> 
> 
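An added example, not part of the original messages: in FTP (RFC 959) the data endpoint is negotiated on the control channel by a PORT command or a 227 reply, so this Python code decodes those lines and compares the negotiated port with the listening ports of the -L forwards from the first hop of the command above. The control lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed control-channel lines (C: client, S: server); not from the thread.
SAMPLE_CONTROL = [
    "C: PORT 127,0,0,1,195,80",
    "S: 200 PORT command successful.",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,156,64)",
]
# -L specs (listen_port:host:host_port) from the first hop of the posted command.
FORWARDS = ["21:localhost:33225", "20:localhost:33226"]

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Decode a PORT command or 227 reply into (mode, host, port), else None."""
    body = re.sub(r"^[CS]:\s*", "", line.strip())
    if body.upper().startswith("PORT "):
        mode = "active"    # server dials the address the client announced
    elif body.startswith("227"):
        mode = "passive"   # client dials the address the server announced
    else:
        return None
    m = _SIX.search(body)
    if m is None:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return mode, ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]


def analyse(control_lines, forwards):
    """List each negotiated data endpoint and whether a fixed -L listens on it."""
    listening = {int(spec.split(":")[0]) for spec in forwards}
    report = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is not None:
            mode, host, port = ep
            dialer = "server" if mode == "active" else "client"
            report.append((mode, dialer, host, port, port in listening))
    return report


if __name__ == "__main__":
    for row in analyse(SAMPLE_CONTROL, FORWARDS):
        print("%-7s dialed by %-6s -> %s:%d  fixed -L on that port: %s" % row)
```

Neither negotiated port is 20 or 21: in active mode port 20 is only the source port of the server's outbound data connection, and the destination is whatever address and port the client announced.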