SSH Port Forwarding for FTP

Tunneling a FTP connection over SSH is not something that is straight forward. To understand the problem better, we need to analyse how FTP works.

FTP uses TCP port 21 as a control connection port for sending commands from the client and to receive responses from the server. A dynamic data connection port (the port number is usually a random unprivileged port that is above 1023) is assigned for each file transfer and file listing between the client and the server. Since we do not normally know the dynamic port number being used for the data transfer in advance, we will not be able to know which ports to add for port forwarding besides port 21.

To overcome this problem, we will need to use the SSH dynamic port forwarding feature which works like a SOCKS proxy. I will give an illustration based on the diagram below.

SSH dynamic port forwarding for FTP

We will connect from the homepc to the ssh01 server via ssh, configure dynamic port forwarding and perform FTP file transfers between the homepc and ftp01, which is the FTP server. I will use the PuTTY and Filezilla as my SSH and FTP clients respectively as both can be downloaded for free.

Configuring the SSH client

Open PuTTY and add IP address (10.20.30.40) of the ssh server. It should look something like this.

PuTTY session config

Navigate to Connection -> SSH -> Tunnels and enter “127.0.0.1:1080” (without the quotes) in the ‘Source Port’ field and select the ‘Dynamic’ radio button. Click on the ‘Add’ button and you will see “D127.0.0.1:1080” in the ‘Forwarded ports’ list.

PuTTY ssh tunnel config

Now navigate back to the PuTTY Session and save the session. Once the session is saved, login to the ssh server by clicking the ‘Open’ button at the bottom. A window will popup asking for your login credentials. Login to the server to enable the port forwarding.

Configuring the FTP client

We are done with the SSH client and we can now proceed to configure the Filezilla FTP client. Launch Filezilla and navigate to Edit -> Settings. A settings window will popup, look for the ‘Generic proxy’ setting under Connection -> FTP. Set the proxy type, proxy host, proxy port to “SOCKS 5”, 127.0.0.1, 1080 respectively as shown below. Once done, click on the OK button to save the settings.

FileZilla FTP proxy

Connect to the FTP server from FileZilla using the actual IP address of the server to start your FTP session.

FileZilla FTP SOCKS proxy

Viola! You can now FTP files over SSH.

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }