This guide contains simplified description of connecting to FTP or SFTP server via tunnel with WinSCP. You may want to see documentation of the tunneling functionality instead.

Before starting you should:

• Have WinSCP installed;
• Know how to connect to both servers.

One possible approach is to setup SSH tunnel and connect through the tunnel.

For simple cases, you can setup tunnel directly in WinSCP. For more complex cases (non-default SSH settings, multiple hops, FTP protocol, etc.) you need to setup tunnel using external tool. Example of such tool is PuTTY SSH client. For more information see PuTTY documentation on port forwarding.

In the text, Server B stays for the target server and Server A stays for the server thru which you need to connect.

See Tunnel page on Login dialog.

Note that this is for illustration only, such a simple tunnel can be setup directly in WinSCP.

In PuTTY configure a session for Server A. I.e. particularly fill in Host Name. Then switch to Connection > SSH > Tunnels page. And add new forwarded port:

• Source port: Any free local port, typically above 3000. Example: 3111.
• Destination: Hostname and port of the Server B separated by colon (the same information you would fill on Session dialog of WinSCP if you were connecting directly). The port will typically be SSH port 22. Example: example.com:22.
• Make sure forwarded port type is Local (default).
• Click Add.

Now start the session. Port forwarding starts to work only once you authenticate to Server A. Note that you need to keep the session open as long as you use the tunnel.

You can also setup a tunnel from command-line:

putty.exe <Server A> -L 3111:<Server B>:22

In WinSCP configure an SFTP/SCP session for Server B. Most settings will be like if you connect to Server B directly (username, password, etc.). The only differences are:

• Host name: Fill in “localhost”.
• Port number: Fill in Source port of forwarded port. Example: 3111.

Save the session and login.

In PuTTY configure a session for Server A. I.e. particularly fill in Host Name. Then switch to Connection > SSH > Tunnels page. And add new forwarded port:

• Source port: Any free local port, typically above 3000. Example: 3111.
• Destination: Leave empty.
• Set forwarded port type to Dynamic.
• Click Add.

Now start the session. Port forwarding starts to work only once you authenticate to Server A. Note that you need to keep the session open as long as you use the tunnel.

You can also setup a tunnel from command-line:

putty.exe <Server A> -D 3111

For more information see PuTTY documentation on port forwarding.

In WinSCP configure an FTP session for Server B. Then go to Proxy page:

• Set Proxy type to SOCKS5 (this will force passive mode if it was not set already).
• Proxy host name: Fill in “localhost”.
• Port number: Fill in Source port of forwarded port. Example: 3111.

Save the session and login.

• Troubleshooting;
• Tunneling.