From: Glenn D. Tiffert (tiffert@post.harvard.edu)
Date: Mon Oct 29 2001 - 12:46:41 PST
I have it directly from the socrates consulting staff that socrates does not
support tunneling via SSH.
-------------------------------------
Glenn D. Tiffert
tiffert@post.harvard.edu
> From: Glenn D. Tiffert <tiffert@post.harvard.edu>
> Date: Thu, 25 Oct 2001 13:00:00 -0800
> To: MAGnet <magnet-list@listlink.berkeley.edu>
> Subject: Re: [MAGNet] OS X, Interarchy & SSH: help!
>
>
> the way socrates is configured may indeed be an issue.
>
> i tried another SSH client: mindterm 2.1. it is a java app and, in addition
> to SSH tunneling, it also offers ftp to sftp bridging so that you can use any
> ftp client (fetch, etc.) to achieve sftp level security.
>
> using mindterm, i was able to open several SSH tunnels. nonetheless,
> interarchy returned the same port theft error i have been getting all along.
>
> i then tried to enable the ftp to sftp bridging feature, but got a "permission
> denied" error in mindterm.
>
> getting this bridge to work would be great because as of yet there is no sftp
> client with a pretty Aqua GUI.
>
> i wonder if anyone involved with socrates could provide input on why none of
> this is working? (there is also a pretty good chance that it could just be
> me, because i am nearly out of my depth here.)
>
>
> mindterm can be found at (though the web site has been down this afternoon):
>
> http://www.appgate.org/products/mindterm/personal/mindterm_2.1-bin.zip
>
> -------------------------------------
> Glenn D. Tiffert
> tiffert@post.harvard.edu
>
>
>
>
>> From: "Aron Roberts" <aron@socrates.berkeley.edu>
>> Date: Thu, 25 Oct 2001 11:11:28 -0700
>> To: "MAGNet-UCB Macintosh support user group"
>> <magnet-list@uclink4.berkeley.edu>
>> Cc: "Socrates Consulting" <consult@socrates.berkeley.edu>
>> Subject: Re: [MAGNet] OS X, Interarchy & SSH: help!
>>
>> In the message "[MAGNet] OS X, Interarchy & SSH: help!", dated
>> 2001-10-25, Glenn D. Tiffert wrote:
>>
>>> A quick question:
>>>
>>> I have been trying to ftp in to my socrates account using the OS X version
>>> of Interarchy 5.01.
>>>
>>> It works fine unless I select the tunnel via SSH option. If I try to ftp
>>> with this option turned on, I get the following error:
>>>
>>>> PASV
>>>> 227 Entering Passive Mode (128,32,25,13,179,224)
>>>> LIST
>>>> 425 Possible PASV port theft, cannot open data connection.
>>
>> One possible reason for this error is that Socrates may be using an
>> FTP server which prevents someone from committing "port theft."
>>
>> The FTP server does this by checking for FTP clients which
>> establish a control connection from one IP address, then attempt to
>> open one or more data connections from a different IP address.
>> Unfortunately, this also occurs when someone legitimately attempts to
>> connect via SSH tunnelling.
>>
>> Recent versions of wu-ftpd <http://www.wu-ftpd.org/>, a widely used
>> freeware FTP daemon from Washington University in St. Louis, can be
>> configured to perform this type of checking to prevent against
>> possible "port theft" exploits. Socrates is running the current
>> version, 2.6.1, of wu-ftpd, as per its FTP server greeting, and this
>> server might be configured in this manner:
>>
>>> 220 socrates.Berkeley.EDU FTP server (Version wu-2.6.1(7) Wed Jan 3
>>> 12:35:15 PST 2001) ready.
>>
>> There's a brief description of this issue in an Interarchy
>> discussion group at:
>>
>> http://groups.yahoo.com/group/interarchy/message/853
>>
>> and a clear and detailed description in the section titled "A Problem
>> Most Foul" in:
>>
>> Bowie Snyder
>> "Secure Shell Port Forwarding for Securing Dreamweaver 3 FTP
>> and Other Legacy FTP Clients", May 2001
>> http://www.bowiesnyder.com/writings/ftp_ssh.htm
>>
>> Aron Roberts
>> Workstation Software Support Group
>>
>> ------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> For information about MAGNet, its meetings and events, and its
>> mailing list, including information on subscribing and unsubscribing,
>> see the MAGNet Web site at <http://mac.berkeley.edu/help/magnet/>.
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://mac.berkeley.edu/help/magnet/>.
This archive was generated by hypermail 2b29 : Mon Oct 29 2001 - 12:47:18 PST