SSH Tunneling (BatchFTP Connectivity Map)
The SSH Tunneling section provides information for configuring
the SSH Tunneling properties. If
Secure FTP (FTP over SSH or FTP over SSL) is required, use the Secure
FTP OTDs (BatchFTPOverSSL, BatchSFTP, and BatchSCP).
The SSH Tunneling section of the BatchFTP Connectivity Map properties
contains the top-level parameters displayed in this table:
Table 19 Connectivity Map - BatchFTP
- SSH Tunneling
Name
|
Description
|
Required Value
|
SSH Channel
Established
|
Specifies whether the adapter needs to launch an SSH subprocess.
Selecting No indicates that
the SSH channel has not yet been established. The adapter spawns a
subprocess internally then establishes the channel on your behalf.
If you select No, you must
set the following parameters,
-
SSH Command Line
-
SSH Listen Port (Environment
property)
If you select No,
setting the following parameters is optional.
-
SSH User Name (Environment
property)
-
SSH Password (Environment
property)
Selecting Yes indicates
that an SSH channel has already been established. That is, the channel
has already been started outside the adapter, and the adapter does
not need to establish it. For example, you could have issued a command
outside of the Service Bus, or you could know that another Batch Adapter instance
has already established the channel by the time this adapter runs.
If you select Yes, you must
set the following parameters,
|
Select Yes or No.
The configured default is No.
|
SSH Command Line
|
Specifies the command line used to establish an SSH channel.
This parameter is required only when you set the SSH Channel Established parameter to No.
This entry must be the complete, correct command line required
by the additional software application you are using to support SSH
tunneling. This command line is executed as it is, so you must be
sure of the following,
-
It contains all the necessary arguments
-
The syntax is correct
-
It is compliant with your SSH-environment
To
verify these requirements, test this command line manually outside
of the Service Bus to make sure it works correctly. Execute the command
line from the shell and ensure that it does not prompt for any additional
user input. If it does, continue to add whatever additional parameters
are required until it no longer prompts for additional input, then
use that command line in the adapter’s configuration.
You
can specify any other options that are based on your SSH-environment.
However, if you do so, you must still be sure this command line is
correct and complete. For example, port forwarding could be specified
using the following command-line option.
-L ListenPort:FtpServerHost:FtpServerPort
In this example, ListenPort must be the same value as that given for the parameter SSH Listen Port. The value given for FtpServerHost overwrites the parameter setting for Host
Name under the FTP parameters.
The value given for FtpServerPort overwrites the
parameter setting for Server Port under
the FTP parameters. All other settings
under the FTP parameters operate
for the specified FTP server, FtpServerHost:FtpServerPort.
If the SSH channel established by an SSH
command line must be shared by other Batch Adapter instances located
on different client hosts, you must configure SSH port forwarding
to allow non-local connections from other hosts. For some SSH clients,
you can use the option -g.
Note –
You can also specify port forwarding in your SSH configuration
file.
|
A valid SSH command line.
|
SSH Command Line
|
The command-line syntax can differ, depending on the type of
SSH client implementation you are using. See your SSH-tunneling support
software user documentation for details.
For example,
ssh -L 3456:ftp.sun.com:21 -o BatchMode=yes apple
ssh -L 4567:apple:21 -o BatchMode=yes apple
ssh -L 5678:orange:21 -o BatchMode=yes apple
ssh -L 6789:orange:21 -g -o BatchMode=yes apple
plink -L 4567:apple:21 apple
plink -L 5678:orange:21 apple
plink -L 6789:orange:21 -g apple
|
|
SSH Tunneling
Enabled
|
Specifies whether the FTP command connection is secured
through an SSH tunnel.
If you choose No, all other
parameters in this section are ignored.
Note –
If you want to use the SSH port-forwarding feature, you
may need to reconfigure your FTP server, depending on what kind of
server you are using and how it is currently configured.
|
Select Yes or No.
The configured default is No.
|
Additional SSH-Supporting Software
The adapter’s SSH tunneling (also known as port forwarding)
feature utilizes additional existing SSH-supporting software applications,
for example, Plink on Windows or OpenSSH on UNIX (see Additional Software Requirements).
For different SSH client implementations, the command syntax
and environment configuration may vary. See your SSH-supporting application’s
user guide for details.
Port-forwarding Configuration
SSH tunneling provides secure FTP command connections. This
mechanism is based on an existing SSH port-forwarding configuration.
You must configure SSH port forwarding on the SSH
listen host before you configure the supporting Adapter
Connection.
For example, on the App Server client host localhost, you can issue a command, such as,
ssh -L 4567:apple:21 -o BatchMode=yes apple
|
Under the adapter’s configuration for the previous example,
you must specify,
In this case, the adapter connects to the FTP server apple:21 through an SSH tunnel. For more
information on SSH tunneling, see SSH Tunneling
Support.
Note – It is possible to use SOCKS and SSH tunneling at the same
time. However, this practice is not recommended.
Where to Go Next
General Settings (BatchFTP Connectivity Map).
More Information
Related Topics
For links to the other topics for this Adapter, go to Related
Topics for Sun Adapter for Batch/FTP.