Subject: Re: Policy questions
To: John Hawkinson <jhawk@MIT.EDU>
From: Ognyan Kulev <ogi@fmi.uni-sofia.bg>
List: tech-userlevel
Date: 01/03/2004 11:57:23

John Hawkinson wrote:
> Well, no. The issue that I raised is that we ought to have a tool to
> allow unencrypted file transfers without allowing unencrypted logins,
> and that netcat was the only tool I knew of that usefully allowed it.
> If there are other tools in common usage, I'd like to know what they
> are.

I'm not sure if that's irrelevant to this thread, but once I did the
following:  On the remote machine there is an anonymous ftp running that
accepts connections only from its localhost and has an "incoming"
directory or something like that.  When connecting with ssh from the
local to the remote machine, I made a tunnel that redirects local:21 to
remote:21.  From now on, "ftp localhostname" actually works on the
remote host.  Notice that only the control socket connection is
transferred via the encrypted tunnel -- data connections are pure socket
connections due to the nature of the FTP protocol.  Another note is
about _not_ using localhost:21 but the real host name that resolves to
the real IP.  This guides the remote FTP server to use the local IP, not
127.0.0.1.

I may be wrong in the details, but this scheme worked fine.

Regards
-- 
Ognyan Kulev <ogi@{fmi.uni-sofia.bg,fsa-bg.org,jabber.org}>
7D9F 66E6 68B7 A62B 0FCF  EB04 80BF 3A8C A252 9782
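
Added example, not part of the original message: a small Python check that reads FTP control-channel lines and reports which ones announce a data connection that will run outside the SSH tunnel, or that points at 127.0.0.1 as described above. The sample lines, addresses and the names `data_endpoint`, `classify` and `audit` are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 (PASV) reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def classify(line):
    """Say how the traffic announced by one control-channel line will travel."""
    ep = data_endpoint(line)
    if ep is None:
        return "control-only"    # stays on the control connection, inside the tunnel
    ip, _port = ep
    if ip.is_loopback:
        return "loopback-data"   # the peer would connect to its own 127.0.0.1
    return "cleartext-data"      # separate TCP connection, not covered by the tunnel

def audit(lines):
    """Return (line, verdict) pairs for a control-channel transcript."""
    return [(line, classify(line)) for line in lines]

# Constructed transcript; 192.0.2.10 is a documentation address (assumption).
SAMPLE = [
    "USER anonymous",
    "PORT 127,0,0,1,195,80",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (127,0,0,1,78,52)",
    "STOR incoming/file.bin",
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:15} {line}")
```

Lines reported as `cleartext-data` are the transfers that a packet capture between the two hosts would show unencrypted.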