Documentation » Using WinSCP » Guides » Set Up »

Connect to FTP/SFTP server which can be accessed via another server only

This guide contains simplified description of connecting to FTP or SFTP server via tunnel with WinSCP. You may want to see documentation of the tunneling functionality instead.

Advertisement

Before Starting

Before starting you should:

Connecting through SSH tunnel

One possible approach is to setup SSH tunnel and connect through the tunnel.

For simple cases, you can setup tunnel directly in WinSCP.

For more complex cases (non-default SSH settings, multiple hops, FTP protocol, etc.) you need to setup tunnel using external tool. Example of such tool is PuTTY SSH client or Plink. For more information see PuTTY documentation on port forwarding.

In the text, Server B stays for the target server and Server A stays for the server thru which you need to connect.

Setting up tunnel in WinSCP

See Tunnel page on Advanced Site Settings dialog.

Setting up tunnel using PuTTY for SFTP/SCP session

Note that this is for illustration only, such a simple tunnel can be setup directly in WinSCP.

Setting up the tunnel

In PuTTY configure a session for Server A. I.e. particularly fill in Host Name. Then switch to Connection > SSH > Tunnels page. And add new forwarded port:

  • Source port: Any free local port, typically above 3000. Example: 3111.
  • Destination: Hostname and port of the Server B separated by colon (the same information you would fill on Session dialog of WinSCP if you were connecting directly). The port will typically be SSH port 22. Example: example.com:22.
  • Make sure forwarded port type is Local (default).
  • Click Add.

Now start the session. Port forwarding starts to work only once you authenticate to Server A. Note that you need to keep the session open as long as you use the tunnel.

You can also setup a tunnel from command-line:

putty.exe <Server A> -L 3111:<Server B>:22

Connecting through the tunnel

In WinSCP configure an SFTP/SCP session for Server B. Most settings will be like if you connect to Server B directly (username, password, etc.). The only differences are:

  • Host name: Fill in “localhost”.
  • Port number: Fill in Source port of forwarded port. Example: 3111.

Save the session and login.

Setting up tunnel using PuTTY for FTP session

Setting up the tunnel

In PuTTY configure a session for Server A. I.e. particularly fill in Host Name. Then switch to Connection > SSH > Tunnels page. And add new forwarded port:

  • Source port: Any free local port, typically above 3000. Example: 3111.
  • Destination: Leave empty.
  • Set forwarded port type to Dynamic.
  • Click Add.

Advertisement

Now start the session. Port forwarding starts to work only once you authenticate to Server A. Note that you need to keep the session open as long as you use the tunnel.

You can also setup a tunnel from command-line:

putty.exe <Server A> -D 3111

For more information see PuTTY documentation on port forwarding.

Connecting through the tunnel

In WinSCP configure an FTP session for Server B. Then go to Proxy page on Advanced Site Settings dialog:

  • Set Proxy type to SOCKS5.2
  • Proxy host name: Fill in “localhost”.
  • Port number: Fill in Source port of forwarded port. Example: 3111.

Save the session and login.

Further Reading

  1. For details, see Using WinSCP with SFTP server and two SSH tunnel hops.Back
  2. This will force passive mode, if it was not set already.Back

Last modified: by martin