Differences
This shows you the differences between the selected revisions of the page.
| guide_tunnel 2018-10-06 | guide_tunnel 2026-06-02 (current) | ||
| Line 1: | Line 1: | ||
| - | get hacked by killersec trinity | + | ====== Connect to FTP/SFTP server which can be accessed via another server only ====== |
| + | //This guide contains simplified description of connecting to FTP or SFTP server via tunnel with WinSCP. You may want to see [[tunneling|documentation of the tunneling functionality]] instead//. | ||
| + | |||
| + | ===== Before Starting ===== | ||
| + | |||
| + | Before starting you should: | ||
| + | * [[guide_install|Have WinSCP installed]]; | ||
| + | * [[guide_connect|Know how to connect to both servers]]. | ||
| + | |||
| + | ===== Connecting through SSH tunnel ===== | ||
| + | One possible approach is to setup SSH [[tunneling|tunnel]] and connect through the tunnel. | ||
| + | |||
| + | For simple cases, you can [[ui_login_tunnel|setup tunnel directly in WinSCP]]. | ||
| + | |||
| + | For more complex cases (non-default %%SSH%% settings, multiple hops, FTP protocol, etc.) you need to setup tunnel using external tool. Example of such tool is [[&url(putty)|PuTTY SSH client]] or [[https://the.earth.li/~sgtatham/putty/latest/htmldoc/Chapter7.html|Plink]]. For more information see [[&url(puttydoc)/Chapter3.html#using-port-forwarding|PuTTY documentation on port forwarding]]. | ||
| + | |||
| + | In the text, //Server B// stays for the target server and //Server A// stays for the server thru which you need to connect. | ||
| + | |||
| + | ===== [[tunnel_winscp]] Setting up tunnel in WinSCP ===== | ||
| + | See //[[ui_login_tunnel|Tunnel page]]// on Advanced Site Settings dialog. | ||
| + | |||
| + | ===== [[tunnel_two]] Setting up two hop tunnel using Plink ===== | ||
| + | |||
| + | You can use Plink to implement the first hop by using the following [[ui_login_proxy#command|//Local proxy command//]]:((For details, see [[https://superuser.com/q/477312/213663#1489111|Using WinSCP with SFTP server and two SSH tunnel hops]].)) | ||
| + | |||
| + | <code> | ||
| + | plink.exe %user@%proxyhost -nc %host:%port | ||
| + | </code> | ||
| + | |||
| + | For the second hop, use //[[ui_login_tunnel|Tunnel page]]// as above. | ||
| + | |||
| + | ===== [[tunnel_putty]] Setting up tunnel using PuTTY for SFTP/SCP session ===== | ||
| + | Note that this is for illustration only, such a simple tunnel can be setup directly in WinSCP. | ||
| + | |||
| + | ==== Setting up the tunnel ==== | ||
| + | In PuTTY configure a session for //Server A//. I.e. particularly fill in //Host Name//. Then switch to //Connection > SSH > Tunnels// page. And add new forwarded port: | ||
| + | * //Source port//: Any free local port, typically above 3000. Example: 3111. | ||
| + | * //Destination//: Hostname and port of the //Server B// separated by colon (the same information you would fill on //Session// dialog of WinSCP if you were connecting directly). The port will typically be SSH port 22. Example: example.com:22. | ||
| + | * Make sure forwarded port type is //Local// (default). | ||
| + | * Click //Add//. | ||
| + | Now start the session. Port forwarding starts to work only once you authenticate to //Server A//. Note that you need to keep the session open as long as you use the tunnel. | ||
| + | |||
| + | You can also setup a tunnel from command-line: | ||
| + | putty.exe <Server A> -L 3111:<Server B>:22 | ||
| + | |||
| + | ==== [[tunnel_putty_connecting]] Connecting through the tunnel ==== | ||
| + | In WinSCP configure an SFTP/SCP session for //Server B//. Most settings will be like if you connect to //Server B// directly (username, password, etc.). The only differences are: | ||
| + | * //Hostname//: Fill in "localhost". | ||
| + | * //Port number//: Fill in //Source port// of forwarded port. Example: 3111. | ||
| + | Save the session and login. | ||
| + | |||
| + | ===== [[ftp_putty]] Setting up tunnel using PuTTY for FTP session ===== | ||
| + | |||
| + | ==== Setting up the tunnel ==== | ||
| + | In PuTTY configure a session for //Server A//. I.e. particularly fill in //Host Name//. Then switch to //Connection > SSH > Tunnels// page. And add new forwarded port: | ||
| + | * //Source port//: Any free local port, typically above 3000. Example: 3111. | ||
| + | * //Destination//: Leave empty. | ||
| + | * Set forwarded port type to //Dynamic//. | ||
| + | * Click //Add//. | ||
| + | Now start the session. Port forwarding starts to work only once you authenticate to //Server A//. Note that you need to keep the session open as long as you use the tunnel. | ||
| + | |||
| + | You can also setup a tunnel from command-line: | ||
| + | putty.exe <Server A> -D 3111 | ||
| + | |||
| + | For more information see [[&url(puttydoc)/Chapter3.html#using-port-forwarding|PuTTY documentation on port forwarding]]. | ||
| + | |||
| + | ==== Connecting through the tunnel ==== | ||
| + | In WinSCP configure an FTP session for //Server B//. Then go to //[[ui_login_proxy|Proxy page]]// on Advanced Site Settings dialog: | ||
| + | * Set //Proxy type// to SOCKS5.((This will force [[ui_login_connection#connection|passive mode]], if it was not set already.)) | ||
| + | * //Proxy hostname//: Fill in "localhost". | ||
| + | * //Port number//: Fill in //Source port// of forwarded port. Example: 3111. | ||
| + | Save the session and login. | ||
| + | |||
| + | ===== Further Reading ===== | ||
| + | * [[troubleshooting|Troubleshooting]]; | ||
| + | * [[tunneling|Tunneling]]. | ||