From: Glenn D. Tiffert (tiffert@post.harvard.edu)
Date: Thu Oct 25 2001 - 13:00:00 PDT

the way socrates is configured may indeed be an issue.

i tried another SSH client: mindterm 2.1. it is a java app and, in addition
to SSH tunneling, it also offers ftp to sftp bridging so that you can use
any ftp client (fetch, etc.) to achieve sftp level security.

using mindterm, i was able to open several SSH tunnels. nonetheless,
interarchy returned the same port theft error i have been getting all along.

i then tried to enable the ftp to sftp bridging feature, but got a
"permission denied" error in mindterm.

getting this bridge to work would be great because as of yet there is no
sftp client with a pretty Aqua GUI.

i wonder if anyone involved with socrates could provide input on why none of
this is working? (there is also a pretty good chance that it could just be
me, because i am nearly out of my depth here.)

mindterm can be found at (though the web site has been down this afternoon):
http://www.appgate.org/products/mindterm/personal/mindterm_2.1-bin.zip

-------------------------------------
Glenn D. Tiffert
tiffert@post.harvard.edu
> From: "Aron Roberts" <aron@socrates.berkeley.edu>
> Date: Thu, 25 Oct 2001 11:11:28 -0700
> To: "MAGNet-UCB Macintosh support user group"
> <magnet-list@uclink4.berkeley.edu>
> Cc: "Socrates Consulting" <consult@socrates.berkeley.edu>
> Subject: Re: [MAGNet] OS X, Interarchy & SSH: help!
>
> In the message "[MAGNet] OS X, Interarchy & SSH: help!", dated
> 2001-10-25, Glenn D. Tiffert wrote:
>
>> A quick question:
>>
>> I have been trying to ftp in to my socrates account using the OS X version
>> of Interarchy 5.01.
>>
>> It works fine unless I select the tunnel via SSH option. If I try to ftp
>> with this option turned on, I get the following error:
>>
>>> PASV
>>> 227 Entering Passive Mode (128,32,25,13,179,224)
>>> LIST
>>> 425 Possible PASV port theft, cannot open data connection.
>
> One possible reason for this error is that Socrates may be using an
> FTP server which prevents someone from committing "port theft."
>
> The FTP server does this by checking for FTP clients which
> establish a control connection from one IP address, then attempt to
> open one or more data connections from a different IP address.
> Unfortunately, this also occurs when someone legitimately attempts to
> connect via SSH tunnelling.
>
> Recent versions of wu-ftpd <http://www.wu-ftpd.org/>, a widely used
> freeware FTP daemon from Washington University in St. Louis, can be
> configured to perform this type of checking to protect against
> possible "port theft" exploits. Socrates is running the current
> version, 2.6.1, of wu-ftpd, as per its FTP server greeting, and this
> server might be configured in this manner:
>
>> 220 socrates.Berkeley.EDU FTP server (Version wu-2.6.1(7) Wed Jan 3
>> 12:35:15 PST 2001) ready.
>
> There's a brief description of this issue in an Interarchy
> discussion group at:
>
> http://groups.yahoo.com/group/interarchy/message/853
>
> and a clear and detailed description in the section titled "A Problem
> Most Foul" in:
>
> Bowie Snyder
> "Secure Shell Port Forwarding for Securing Dreamweaver 3 FTP
> and Other Legacy FTP Clients", May 2001
> http://www.bowiesnyder.com/writings/ftp_ssh.htm
>
> Aron Roberts
> Workstation Software Support Group
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about MAGNet, its meetings and events, and its
> mailing list, including information on subscribing and unsubscribing,
> see the MAGNet Web site at <http://mac.berkeley.edu/help/magnet/>.
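
Added example (not part of the original messages, and not wu-ftpd's own code): a Python model of the same-address check described in the quoted reply, showing why a tunnelled control connection draws the same 425 as a third-party connection. The client, other-host and tunnel-exit addresses and the "150" success text are constructed assumptions; the 227 and 425 lines are the ones quoted in the thread.

```python
import ipaddress
import re

# A 227 reply carries h1,h2,h3,h4,p1,p2: four address bytes and two port bytes.
PASV_RE = re.compile(r"^227 .*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (host, port) announced by a 227 passive-mode reply."""
    m = PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in 227 reply")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def list_reply(control_peer, data_peer):
    """Model of the server-side check: the data connection must arrive from
    the same IP address as the control connection, otherwise refuse it."""
    if ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer):
        return "150 Opening data connection."  # constructed success text
    return "425 Possible PASV port theft, cannot open data connection."

# Constructed addresses (documentation ranges), assumptions for this example.
CLIENT = "192.0.2.10"       # the user's workstation
OTHER = "198.51.100.7"      # an unrelated host that reaches the passive port
TUNNEL_EXIT = "127.0.0.1"   # sshd on the server relaying the control connection

def scenarios():
    """Control-connection peer vs. data-connection peer, as the server sees them."""
    return {
        "plain FTP, both from client": list_reply(CLIENT, CLIENT),
        "data connection from another host": list_reply(CLIENT, OTHER),
        "control via SSH tunnel, data direct": list_reply(TUNNEL_EXIT, CLIENT),
    }

if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (128,32,25,13,179,224)"))
    for name, reply in scenarios().items():
        print(f"{name}: {reply}")
```

The check compares only source addresses, so it cannot tell a legitimate tunnelled client from a different host: in both cases the data connection's peer differs from the control connection's peer.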
This archive was generated by hypermail 2b29 : Thu Oct 25 2001 - 13:00:29 PDT