amac44 Posted July 3, 2010 Share Posted July 3, 2010 Server B is set up to allow SSH only from Server A (firewall, iptables) Server A is wide open. Thus I can SSH into Server A, and once logged in there, SSH into Server B. I would like to do the same (sort of) with SFTP. Can I create a tunnel (using Plink ... or anything) so that I can SFTP from my PC to Server B? I.e. My PC --ssh--> Server A --ssh--> Server B so when i sftp ServerB from my PC it will work? Using filezilla. I tried some instructions that seemed to be for similar things but I don't quite understand Plink. For example creating a .bat with plink -ssh -L 22:ServerA:22 -N -pw password user@ServerA but this just results in a message "Using username (username)" Any ideas? Thanks a Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 3, 2010 Share Posted July 3, 2010 (edited) This sounds like a similar setup to the Kevin Mitnick attack. Also noted in the movie Trackdown aka "Hackers 2 Operation Takedown" I bought the DVD it's called Trackdown in the states. That being said, I would say set up the lab and try it out. Either with virtuals or physical machines. If you are doing this as a security measure. Why not make server A, a VPN server and VPN it all? But either way you will have to SSH into Server A and then SFTP into server B. And then you will have to SFTP the files from your PC from Server A. I could be way off. Beer is good :P Edited July 3, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 3, 2010 Share Posted July 3, 2010 (edited) Why don't you use openVPN to secure a link between Server A and Server B and then SSH to tunnel from your PC into server A. For example. My PC --ssh--> Server A --OpenVPN--> Server B Either way, its up to you what you use to secure the link between the serves, OPenVPN or SSH. Edited July 3, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted July 4, 2010 Share Posted July 4, 2010 Just setup a dynamic SOCKS proxy between your PC and Server A and then change the Filezilla settings to use the localhost proxy you created. Quote Link to comment Share on other sites More sharing options...
digip Posted July 4, 2010 Share Posted July 4, 2010 WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh. Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted July 4, 2010 Share Posted July 4, 2010 WinSCP does both SCP and SFTP. I would just use that to reach your destination, no need for tunnels being set up to handle ftp over ssh. But I would think he NEEDS a tunnel, because Server B isn't open to the public. If I'm wrong, please elaborate. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 4, 2010 Share Posted July 4, 2010 He could still use WinSCP, to reach his destination and then use OPenVPN to link the serves together. Quote Link to comment Share on other sites More sharing options...
digip Posted July 5, 2010 Share Posted July 5, 2010 (edited) Ive never actually tried it, but you can open a Terminal in WinSCP that I beleive will let you then hop or ssh into server B from your connection to server A without the need for a pre-existing tunnel. I could be wrong, but give it a shot. The Terminal window in WinSCP us under commands > open terminal. http://winscp.net/eng/docs/remote_command edit: Just tried and seems doesnt work 100% with the commend line util since it doesnt to terminal emulation, so might have to actually use putty once in though, http://myblogs.mikeb.info/index.php/compon...ent/article/469 I copied putty to the same folder as winscp and edited the ini file to just say putty.exe for the path and it launches putty from within winscp and prompts you for your password, so looks like it lets you in, then you can (I asusme) sftp and pivot from that location to server B to upload whatever files you want. I dont have two servers to test on at the moment, but may give this a try. If I get it working, I'll post back what I've found. Edited July 5, 2010 by digip Quote Link to comment Share on other sites More sharing options...
amac44 Posted July 22, 2010 Author Share Posted July 22, 2010 Belated thanks to all your replies. Headed out of town right after making this post and forgot about it ... until now. When I get a moment I'll try these solutions out. thx a Quote Link to comment Share on other sites More sharing options...
amac44 Posted July 22, 2010 Author Share Posted July 22, 2010 And correct that Server B is not open to the public. That's the whole problem, if I didn't make that clear. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.