amac44 Posted July 3, 2010

Server B is set up to allow SSH only from Server A (firewall, iptables). Server A is wide open. Thus I can SSH into Server A, and once logged in there, SSH into Server B.

I would like to do the same (sort of) with SFTP. Can I create a tunnel (using Plink ... or anything) so that I can SFTP from my PC to Server B? I.e.

My PC --ssh--> Server A --ssh--> Server B

so when I sftp ServerB from my PC it will work? Using filezilla.

I tried some instructions that seemed to be for similar things but I don't quite understand Plink. For example creating a .bat with

plink -ssh -L 22:ServerA:22 -N -pw password user@ServerA

but this just results in a message "Using username (username)"

Any ideas?

Thanks
a

Mr-Protocol Posted July 3, 2010

This sounds like a similar setup to the Kevin Mitnick attack. Also noted in the movie Trackdown aka "Hackers 2 Operation Takedown". I bought the DVD; it's called Trackdown in the States.

That being said, I would say set up the lab and try it out, either with virtuals or physical machines.

If you are doing this as a security measure, why not make Server A a VPN server and VPN it all?

But either way you will have to SSH into Server A and then SFTP into Server B. And then you will have to SFTP the files from your PC from Server A.

I could be way off. Beer is good :P

Edited July 3, 2010 by Mr-Protocol

Infiltrator Posted July 3, 2010

Why don't you use OpenVPN to secure a link between Server A and Server B and then SSH to tunnel from your PC into Server A? For example:

My PC --ssh--> Server A --OpenVPN--> Server B

Either way, it's up to you what you use to secure the link between the servers, OpenVPN or SSH.

Edited July 3, 2010 by Infiltrator

H@L0_F00 Posted July 4, 2010

Just setup a dynamic SOCKS proxy between your PC and Server A and then change the Filezilla settings to use the localhost proxy you created.

digip Posted July 4, 2010

WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh.

H@L0_F00 Posted July 4, 2010

> WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh.

But I would think he NEEDS a tunnel, because Server B isn't open to the public. If I'm wrong, please elaborate.

Infiltrator Posted July 4, 2010

He could still use WinSCP to reach his destination and then use OpenVPN to link the servers together.

digip Posted July 5, 2010

I've never actually tried it, but you can open a Terminal in WinSCP that I believe will let you then hop or ssh into Server B from your connection to Server A without the need for a pre-existing tunnel. I could be wrong, but give it a shot. The Terminal window in WinSCP is under Commands > Open Terminal.

http://winscp.net/eng/docs/remote_command

edit: Just tried and it seems it doesn't work 100% with the command line util since it doesn't do terminal emulation, so you might have to actually use putty once in though: http://myblogs.mikeb.info/index.php/compon...ent/article/469

I copied putty to the same folder as winscp and edited the ini file to just say putty.exe for the path, and it launches putty from within winscp and prompts you for your password, so it looks like it lets you in; then you can (I assume) sftp and pivot from that location to Server B to upload whatever files you want. I don't have two servers to test on at the moment, but may give this a try. If I get it working, I'll post back what I've found.

Edited July 5, 2010 by digip

amac44 (Author) Posted July 22, 2010

Belated thanks to all your replies. Headed out of town right after making this post and forgot about it ... until now. When I get a moment I'll try these solutions out.

thx
a

amac44 (Author) Posted July 22, 2010

And correct that Server B is not open to the public. That's the whole problem, if I didn't make that clear.

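As an added example (not posted by anyone in the thread), this batch file opens the tunnel amac44 asks about with a Plink local port forward that targets Server B, and notes the dynamic SOCKS variant H@L0_F00 suggests. The user name, the host names ServerA and ServerB, and the local ports 2222 and 1080 are placeholders; it assumes Server A's host key is already cached in PuTTY and that Server A can resolve and reach ServerB on port 22.

```batch
@echo off
rem Added example, not from the thread. All names and ports are placeholders.
setlocal
set JUMP_USER=user
set JUMP_HOST=ServerA
set TARGET_HOST=ServerB
set LOCAL_PORT=2222

rem Stop if something already listens on the local port, so the SFTP
rem client cannot end up talking to an unrelated listener.
netstat -ano | findstr /R /C:":%LOCAL_PORT% .*LISTENING" >nul
if not errorlevel 1 (
  echo Port %LOCAL_PORT% is already in use, pick another one. 1>&2
  exit /b 1
)

rem -L listen-IP:listen-port:host:port
rem   The destination after the listen port is resolved and connected FROM
rem   Server A, so it must name Server B. The attempt in the first post
rem   pointed it back at Server A.
rem   Binding to 127.0.0.1 keeps the forwarded port off the LAN.
rem   A high local port avoids clashing with anything on local port 22.
rem -N opens no shell: after login the window stays silent while the tunnel
rem   is up, which is expected. Close it with Ctrl+C.
rem No -pw: a password in a .bat sits in plaintext on disk. Let plink
rem   prompt for it, or use a key loaded in Pageant.
plink -ssh -N -L 127.0.0.1:%LOCAL_PORT%:%TARGET_HOST%:22 %JUMP_USER%@%JUMP_HOST%

rem Dynamic SOCKS variant (use instead of the line above):
rem   plink -ssh -N -D 127.0.0.1:1080 %JUMP_USER%@%JUMP_HOST%
rem then configure the SFTP client to use a SOCKS proxy at 127.0.0.1:1080
rem and connect to ServerB by name.
endlocal
```

With the tunnel up, the SFTP client connects to 127.0.0.1 on port 2222 and logs in with the Server B account. The host key it presents is Server B's, so compare its fingerprint with the one seen when connecting from Server A before accepting it.
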