
List:       sidewinder
Subject:    Re: [Sidewinder] FTPS Proxy Configuration?
From:       sidewinder () adeptech ! com
Date:       2006-05-20 14:12:25
Message-ID: CE951ED6042FD747B8DFB38315B26C300D239F49 () mad00mp6 ! dot ! state ! wi ! us

Of course, supporting unencrypted FTP on the inside ("transcoding") of a
Janus-like proxy is a lot easier than on both sides, because you don't have
to "fool" the client -- but it also cannot be "transparent".

A cleartext control channel would protect the data, but not the FTP
password.  That doesn't seem very attractive, at least to me.

I believe that SFTP is supported in the 6.1.2 FTP proxy.  And you can proxy
SCP now (though at least at one time one had to move the Sidewinder SSH to a
different port if you wanted to proxy SSH on its normal port).  That is
pretty easily done: we were doing that in release 5.2.

JRJ

----------------------------------------------------------------------

Message: 1
Date: Thu, 18 May 2006 16:47:30 -0500
From: sidewinder@adeptech.com
Subject: Re: [Sidewinder] FTPS Proxy Configuration?
To: sidewinder@adeptech.com
Message-ID:
	<dc718edc0605181447j7713df6bi565f652eb06d6d24@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 5/17/06, sidewinder@adeptech.com <sidewinder@adeptech.com> wrote:
> Because FTPS (FTP over SSL) uses an encrypted command connection, and
> therefore no way to spot and deal with the PORT or PASV command on the way
> thru, the only way to handle it would be to have a two-faced Janus like FTPS
> server on the firewall.  But that might introduce other problems (like
> breaking the certificate trust checks, etc. etc.).

There are FTPS transcoding proxies such as Mindterm and TLSWrap
(http://tlswrap.sunsite.dk/).  I raised this question with SCC over a
year ago.

Transcoding proxies talk FTP to internal hosts and talk TLS/SSL on the
Internet (or vice-versa). To quote the web site "TLSWrap is a TLS/SSL
FTP wrapper/proxy for UNIX and Windows, allowing you to use your
favourite FTP client with any TLS/SSL-enabled FTP server."

I'm aware of four different "secure file transfer" solutions, none of
which can be handled by a sidewinder application proxy:

1) FTPS is FTP over SSL.  Some FTPS servers can use a cleartext
control channel via "UseCCC". See
http://www.indyproject.org/KB/index.html?howdoiuseftpwithssl.htm
2) EFTP is FTP encapsulated in RSA Public Key security with Blowfish
encryption.
3) SFTP is a protocol based on SSH2.
4) SCP is a simple file transfer protocol that tunnels inside SSH1/SSH2.

All of the above I emailed to 'features@' on May 6, 2005.


Kevin Kadow  /  kkadow@gmail.com  /  http://tinyurl.com/3znu8


_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
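
The point made in the thread, that a proxy which cannot read the control channel cannot learn the PORT/PASV data endpoints, as an added example (not from the original posts and not Sidewinder or TLSWrap code). The dialogues are constructed with the login exchange omitted, and `endpoint` and `proxy_view` are hypothetical helpers that model what an on-path proxy can read.

```python
import re

# PORT arguments and 227 replies both carry h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def endpoint(text):
    """Return (ip, port) from a PORT command or 227 reply, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def proxy_view(dialogue):
    """Model an on-path proxy: return (endpoints it could read, negotiations it missed)."""
    encrypted, pending = False, None
    seen, missed = [], 0
    for side, line in dialogue:
        if side == "C":
            pending = line.split(" ", 1)[0].upper()
            is_negotiation = pending == "PORT"
        else:
            code = line[:3]
            if pending == "AUTH" and code == "234":
                encrypted = True        # TLS starts; later lines are ciphertext
            elif pending == "CCC" and code == "200":
                encrypted = False       # RFC 4217: control channel back to cleartext
            is_negotiation = pending == "PASV" and code == "227"
        if is_negotiation:
            ep = None if encrypted else endpoint(line)
            if ep:
                seen.append(ep)         # proxy can open a matching data-channel rule
            else:
                missed += 1             # unreadable or malformed: no rule possible
    return seen, missed

# Constructed dialogues (login exchange omitted); addresses are documentation ranges.
DATA = [("C", "PASV"), ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
        ("C", "PORT 198,51,100,7,4,1"), ("S", "200 PORT command successful")]
TLS = [("C", "AUTH TLS"), ("S", "234 Proceed with negotiation")]
CCC = [("C", "CCC"), ("S", "200 Clear command channel")]

if __name__ == "__main__":
    for name, d in (("FTP", DATA), ("FTPS", TLS + DATA), ("FTPS+CCC", TLS + CCC + DATA)):
        print(name, proxy_view(d))
```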