Jump to content

Recommended Posts

Posted

Server B is set up to allow SSH only from Server A (firewall, iptables)

Server A is wide open.

Thus I can SSH into Server A, and once logged in there, SSH into Server B.

I would like to do the same (sort of) with SFTP. Can I create a tunnel (using Plink ... or anything) so that I can SFTP from my PC to Server B?

I.e.

My PC --ssh--> Server A --ssh--> Server B

so when i sftp ServerB from my PC it will work? Using filezilla.

I tried some instructions that seemed to be for similar things but I don't quite understand Plink. For example creating a .bat with

plink -ssh -L 22:ServerA:22 -N -pw password user@ServerA

but this just results in a message "Using username (username)"

Any ideas?

Thanks

a

Posted (edited)

This sounds like a similar setup to the Kevin Mitnick attack. Also noted in the movie Trackdown aka "Hackers 2 Operation Takedown"

I bought the DVD it's called Trackdown in the states.

That being said, I would say set up the lab and try it out. Either with virtuals or physical machines.

If you are doing this as a security measure. Why not make server A, a VPN server and VPN it all?

But either way you will have to SSH into Server A and then SFTP into server B. And then you will have to SFTP the files from your PC from Server A.

I could be way off. Beer is good :P

Edited by Mr-Protocol
Posted (edited)

Why don't you use openVPN to secure a link between Server A and Server B and then SSH to tunnel from your PC into server A.

For example.

My PC --ssh--> Server A --OpenVPN--> Server B

Either way, its up to you what you use to secure the link between the serves, OPenVPN or SSH.

Edited by Infiltrator
Posted

Just setup a dynamic SOCKS proxy between your PC and Server A and then change the Filezilla settings to use the localhost proxy you created.

Posted

WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh.

Posted
WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh.

But I would think he NEEDS a tunnel, because Server B isn't open to the public. If I'm wrong, please elaborate.

Posted

He could still use WinSCP, to reach his destination and then use OPenVPN to link the serves together.

Posted (edited)

Ive never actually tried it, but you can open a Terminal in WinSCP that I beleive will let you then hop or ssh into server B from your connection to server A without the need for a pre-existing tunnel. I could be wrong, but give it a shot. The Terminal window in WinSCP us under commands > open terminal.

http://winscp.net/eng/docs/remote_command

edit: Just tried and seems doesnt work 100% with the commend line util since it doesnt to terminal emulation, so might have to actually use putty once in though,

http://myblogs.mikeb.info/index.php/compon...ent/article/469

I copied putty to the same folder as winscp and edited the ini file to just say putty.exe for the path and it launches putty from within winscp and prompts you for your password, so looks like it lets you in, then you can (I asusme) sftp and pivot from that location to server B to upload whatever files you want. I dont have two servers to test on at the moment, but may give this a try. If I get it working, I'll post back what I've found.

Edited by digip
  • 3 weeks later...
Posted

Belated thanks to all your replies. Headed out of town right after making this post and forgot about it ... until now.

When I get a moment I'll try these solutions out.

thx

a

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...