Hello,
we are looking for an opportunity to do the sftp via an intermediate socks server (not ssh capable), Just a socks server as is used by tcpip/ftp. I looked up the 'ssh definitive guide' from oreilly but there I only find a desciption of using a ssh gateway.
Is it possible to do a "sftp -o socks5address -b batchfile user@destination" or better "sftp -b batchfile user@destination" and looking up a a socksconfig-file automatically to decide whether to use socks or not.
Any idea about this?
brgds,
Ulrich Schmidt
How to invoke a socks5 server for sftp
-
Ulrich Schmidt
- Posts: 37
- Joined: Fri Jan 09, 2009 1:25 pm
- Location: Germany
-
Ulrich Schmidt
- Posts: 37
- Joined: Fri Jan 09, 2009 1:25 pm
- Location: Germany
I want sftp to send the data via a socks5 sever the same way ftp does. The socks-server itself does not run a ssh server nor client.
With your Co:Z sftp SSH proxy you do it just the outher way round: you tunnel ftp data through a ssh connection.
I want to send data by an sftp client to an internet address and need to use a given socks5-server to get there since the z/OS must not be connected directly to the internet.
With your Co:Z sftp SSH proxy you do it just the outher way round: you tunnel ftp data through a ssh connection.
I want to send data by an sftp client to an internet address and need to use a given socks5-server to get there since the z/OS must not be connected directly to the internet.
sftp uses ssh for its underlying connection.
It is possible to do what you want, which I interpret to be this:
sftp -> ssh -> socks5 proxy interface command ---> socks5 proxy client ---> socks5 proxy server ---> sshd ->sftp-server.
(The links "->" above are process-to-process, and "--->" are network)
The ssh option that you use is "ProxyCommand", but it requires that you supply the name of a command that implements the socks5 proxy interface and simply redirects everything through stdin/stdout.
I haven't tried this, but it looks like IBM's version of ssh supports ProxyCommand (do a "man sftp_config").
But: you have to supply your own socks5 proxy client command that acts as a stdin/stdout filter. Here's one that you can probably port to z/OS:
http://bent.latency.net/bent/darcs/goto ... nnect.html
However: You might want to consider using the Co:Z Launcher and using a Linux box in a DMZ as your file transfer gateway. This offers much more flexibility. See this article that we wrote last year for zJournal for more details:
http://www.zjournal.com/index.cfm?secti ... e&aid=1075
It is possible to do what you want, which I interpret to be this:
sftp -> ssh -> socks5 proxy interface command ---> socks5 proxy client ---> socks5 proxy server ---> sshd ->sftp-server.
(The links "->" above are process-to-process, and "--->" are network)
The ssh option that you use is "ProxyCommand", but it requires that you supply the name of a command that implements the socks5 proxy interface and simply redirects everything through stdin/stdout.
I haven't tried this, but it looks like IBM's version of ssh supports ProxyCommand (do a "man sftp_config").
But: you have to supply your own socks5 proxy client command that acts as a stdin/stdout filter. Here's one that you can probably port to z/OS:
http://bent.latency.net/bent/darcs/goto ... nnect.html
However: You might want to consider using the Co:Z Launcher and using a Linux box in a DMZ as your file transfer gateway. This offers much more flexibility. See this article that we wrote last year for zJournal for more details:
http://www.zjournal.com/index.cfm?secti ... e&aid=1075