SSH Tunneling (BatchFTP Connectivity Map)
The SSH Tunneling section provides information for configuring
the SSH Tunneling properties. If Secure
FTP (FTP over SSH or FTP over SSL) is required, use the Secure FTP OTDs (BatchFTPOverSSL,
BatchSFTP, and BatchSCP).
The SSH Tunneling section of the BatchFTP Connectivity Map properties
contains the top-level parameters displayed in this table.
Table 8 Connectivity Map - BatchFTP - SSH Tunneling
Name
|
Description
|
Required Value
|
SSH Channel Established
|
Specifies whether the adapter needs to launch an SSH subprocess.
Selecting No indicates that the SSH channel has not yet been established.
The adapter spawns a subprocess internally, then establishes the channel
on your behalf.
If you select No, you must set the following parameters:
- SSH Command Line
- SSH Listen Port (Environment property)
If you select No, setting the following parameters is optional:
- SSH User Name (Environment property)
- SSH Password (Environment property)
Selecting Yes indicates
that an SSH channel has already been established. That is, the channel has
already been started outside the adapter, and the adapter does not need to
establish it. For example, you could have issued a command outside of Java
CAPS, or you could know that another Batch Adapter instance has already
established the channel by the time this adapter runs.
If you select Yes, you must set the following parameters:
- SSH Listen Host (Environment property)
- SSH Listen Port (Environment property)
|
Select Yes or No.
The configured default is No.
|
SSH Command Line
|
Specifies
the command line used to establish an SSH channel. This parameter is required
only when you set the SSH Channel Established parameter
to No.
This entry must be the complete, correct command line required by the
additional software application you are using to support SSH tunneling. This
command line is executed exactly as entered, so you must be sure of the
following:
- It contains all the necessary arguments
- The syntax is correct
- It is compliant with your SSH environment
To verify these requirements, test this command line manually outside of
Java CAPS to make sure it works correctly. Execute the command line from the
shell and ensure that it does not prompt for any additional user input. If it
does, continue to add whatever additional parameters are required until it no
longer prompts for additional input, then use that command line in the
adapter’s configuration.
You can specify any other options that are based on your SSH-environment.
However, if you do so, you must still be sure this command line is correct
and complete. For example, port forwarding could be specified using the following
command-line option:
-L ListenPort:FtpServerHost:FtpServerPort
In this example, ListenPort must be the same value as that given for the
parameter SSH Listen Port. The value given for FtpServerHost overrides the
parameter setting for Host Name under the FTP parameters. The value given
for FtpServerPort overrides the parameter setting for Server Port under the
FTP parameters.
All other settings under the FTP parameters operate for the specified FTP
server: FtpServerHost:FtpServerPort.
If the SSH channel established by an SSH command line must be shared
by other Batch Adapter instances located on different Java CAPS client
hosts, you must configure SSH port forwarding to allow non-local connections
from other hosts. For some SSH clients, you can use the option -g.
Note – You can also specify port forwarding in your SSH configuration file.
The command-line syntax can differ, depending on the type of SSH client
implementation you are using. See your SSH-tunneling support software user
documentation for details.
Examples:
ssh -L 3456:ftp.sun.com:21 -o BatchMode=yes apple
ssh -L 4567:apple:21 -o BatchMode=yes apple
ssh -L 5678:orange:21 -o BatchMode=yes apple
ssh -L 6789:orange:21 -g -o BatchMode=yes apple
plink -L 4567:apple:21 apple
plink -L 5678:orange:21 apple
plink -L 6789:orange:21 -g apple
|
A valid SSH command line.
|
SSH Tunneling Enabled
|
Specifies
whether the FTP command connection is secured through an SSH tunnel.
If you choose No, all other parameters
in this section are ignored.
Note –
If you want to use the SSH port-forwarding feature, you may need
to reconfigure your FTP server, depending on what kind of server you are using
and how it is currently configured. See your SSH documentation for more information.
|
Select Yes or No.
The configured default is No.
|
Additional SSH-supporting Software
The adapter’s SSH tunneling (also known as port forwarding) feature
utilizes additional existing SSH-supporting software applications, for example,
Plink on Windows or OpenSSH on UNIX (see Additional Software Requirements).
For different SSH client implementations, the command syntax and environment
configuration may vary. See your SSH-supporting application’s user guide
for details.
Port-forwarding Configuration
SSH tunneling provides secure FTP command connections. This mechanism
is based on an existing SSH port-forwarding configuration. You must configure
SSH port forwarding on the SSH listen host before you
configure the supporting adapter connection.
For example, on the Java CAPS client host localhost, you can issue a command, such as:
ssh -L 4567:apple:21 -o BatchMode=yes apple
Under the adapter’s configuration for the previous example, you
must specify:
In this case, the adapter connects to the FTP server apple:21 through an SSH tunnel. For more information
on SSH tunneling, see SSH Tunneling Support.
Note – It is possible to use SOCKS and SSH tunneling at the same time.
However, this practice is not recommended.
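The rules given above for the SSH Command Line value (a -L option whose ListenPort equals SSH Listen Port, a client that does not prompt, and -g opening the listen port to other hosts) can be checked before the value is pasted into the adapter configuration. The following Python check is an added example, not part of the original documentation or of the adapter; the function name check_tunnel_command and its ssh_listen_port argument are assumptions, and plink's -batch switch is recognised although it does not appear in the examples on this page.

```python
import shlex

def check_tunnel_command(command_line, ssh_listen_port):
    """Added example (hypothetical helper, not an adapter API).

    Returns (forward, warnings). forward holds the -L fields, or is None when
    no usable -L ListenPort:FtpServerHost:FtpServerPort option is present.
    Assumes host names or IPv4 addresses (no bracketed IPv6) in the -L value.
    """
    args = shlex.split(command_line)
    forward, gateway, batch, warnings = None, False, False, []
    i = 1                                          # args[0] is the client binary
    while i < len(args):
        arg = args[i]
        if arg == "-g":
            gateway = True
        elif arg == "-batch":                      # plink: disable all prompts
            batch = True
        elif arg[:2] in ("-L", "-o"):
            value = arg[2:]
            if not value and i + 1 < len(args):    # separate form: "-L spec"
                i += 1
                value = args[i]
            if arg[1] == "o":                      # OpenSSH: -o BatchMode=yes
                batch = batch or value.lower() == "batchmode=yes"
            else:
                parts = value.rsplit(":", 2)       # [bind:]port, host, hostport
                listen = parts[0].rsplit(":", 1)[-1]
                if len(parts) == 3 and listen.isdigit() and parts[2].isdigit():
                    forward = {"listen_port": int(listen),
                               "ftp_host": parts[1], "ftp_port": int(parts[2])}
        i += 1
    if forward is None:
        warnings.append("no usable -L ListenPort:FtpServerHost:FtpServerPort option")
    elif forward["listen_port"] != ssh_listen_port:
        warnings.append("-L listen port %d differs from SSH Listen Port %d"
                        % (forward["listen_port"], ssh_listen_port))
    if not batch:
        warnings.append("no batch option: the client may stop and prompt for input")
    if gateway:
        warnings.append("-g: the listen port accepts connections from other hosts")
    return forward, warnings

if __name__ == "__main__":
    # Command lines taken from the examples on this page; port values constructed.
    for cmd, port in [("ssh -L 3456:ftp.sun.com:21 -o BatchMode=yes apple", 3456),
                      ("plink -L 6789:orange:21 -g apple", 6789),
                      ("ssh -L 4567:apple:21 -o BatchMode=yes apple", 5678)]:
        print(cmd, "->", check_tunnel_command(cmd, port))
```

A -g warning is expected when the channel is deliberately shared between adapter hosts; in that case the listen port is reachable by any host that can route to it, so restrict access to it at the network layer.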