remote ftp

frost

I build websites and have a dedicated server with Hetzner in Germany, where my business partner & meself host most of our customer sites.

Hetzner also provide free backup space on a remote box, so we've set our web server to do backups onto the remote box via FTP.

All looks good except the ONLY access we are allowed to this remote backup box is via FTP from the dedicated server. That is, we can't FTP to it from anywhere else, like our iMacs sitting here in Ireland.

So in order to see or get copies of the backup files, I think I need to SSH into the dedicated server, run FTP from that server and connect to the backup box, andtransfer the backup files I want back to the dedicated server. Then if I want those files on my local machine I can FTP from my iMac to the dedicated server.

This is a pretty convoluted process for my busienss partner, who's a designer and not that technical. I can just about handle it but I'm not that comfortable with Linux so would also prefer an easier solution.

So what I'm hoping is that one of you Unix gurus can either suggest GUI tools and/or scripts we could use to avoid or cut down on the need for using Terminal (command line).

In case it isn't clear, here's a diagram:

iMac IRELAND --> Dedicated server GERMANY --> Backup server GERMANY

suggestions very welcome!
mike

DualFrontDiscs

This refers to remote-to-remote transfers.

I haven't used it, but it might help?

DFD.

Actually, I don't think it will do what you want

Jonathan

Open terminal on the iMac, and type:

ssh user@hetzner.de -L2121:remotebackup:21

Now go to filezilla and enter localhost:2121 as your server address.

So simple, even a designer with an iMac can do it.

frost

Jonathan wrote: »

Open terminal on the iMac, and type:

ssh user@hetzner.de -L2121:remotebackup:21

Now go to filezilla and enter localhost:2121 as your server address.

So simple, even a designer with an iMac can do it.

Ok that sounds great. I've tried it using the following from a mac:

ssh root@MYDOMAIN.IE -L2121:THE-BACKUP-DOMAIN.DE:21

This gives me

root@MYDOMAIN.IE's password: <I ENTERED IT HERE>
Last login: Thu Sep  8 16:17:29 2011 from 92.251.130.187.threembb.ie
root@server [~]# 

I then go to Filezilla & try connection to localhost 2121, specifying the username and password for my backup FTP account. At this point I'm getting credential failure, see below:

Status:	Resolving address of localhost
Status:	Connecting to [::1]:2121...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.3e Server (Hetzner Backup) [::ffff:188.40.5.163]
Command:	USER <***my user name***>
Response:	331 Password required for <***my user name***>
Command:	PASS *****************
Response:	530 Login incorrect.
Error:	Critical error
Error:	Could not connect to server

I'm certain I'm entering in the username and password correctly (copying and pasting) so any suggestions what I've got wrong?

frost

Just confirming that I can get in directly using the same userid and password:

my-macbook:~ mike$ ssh [email]root@MY-DOMAIN.IE
root@MYDOMAIN.IE[/email]'s password: ***PASSWORD ENTERED***
Last login: Thu Sep  8 22:16:23 2011 from 92.251.255.7.threembb.ie
root@server [~]# ftp
ftp> open
(to) BACKUP-DOMAIN.DE
Connected to BACKUP-DOMAIN.DE (188.40.5.163).
220 ProFTPD 1.3.3e Server (Hetzner Backup) [::ffff:188.40.5.163]
Name (BACKUP-DOMAIN.DE:root): USER-NAME
331 Password required for USER-NAME
Password: ***PASSWORD ENTERED***
230 User USER-NAME logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> 

frost

ok my bad, when i pasted the password i must have included the end of line character. i manually typed it in and it works, so i can get in but am stuck here:

Status:	Resolving address of localhost
Status:	Connecting to [::1]:2121...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.3e Server (Hetzner Backup) [::ffff:188.40.5.163]
Command:	USER MY-USER-NAME
Response:	331 Password required for MY-USER-NAME
Command:	PASS ****************
Response:	230 User MY-USER-NAME logged in
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Features:
Response:	 MDTM
Response:	 MFMT
Response:	 TVFS
Response:	 AUTH TLS
Response:	 MFF modify;UNIX.group;UNIX.mode;
Response:	 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response:	 PBSZ
Response:	 PROT
Response:	 REST STREAM
Response:	 SIZE
Response:	211 End
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	EPSV
Response:	229 Entering Extended Passive Mode (|||4136|)
Command:	MLSD
Error:	Connection timed out
Error:	Failed to retrieve directory listing

Jonathan

Humm. Just remembered FTP uses multiple ports.

Port 21 is used for the Control channel but an additional port is used for the Data channel.

Port 20 was used historically but nowadays an arbitrary port is used.

You can try using the following line which will forward the data port too, but I don't think it will work.

ssh user@hetzner.de -L2121:remotebackup:21 -L2120:remotebackup:20

Let me have a ponder. There are definitely ways to do it, I'm just trying to simple ways of doing it.

Knasher

If the FTP client you are using supports socks then you could use ssh

ssh -D 9999 username@german-server

.
Then set the ftp client to use the socks server at localhost:9999 and connect to the ftp server as you would if it were publicly accessible.

Technicolour

Set up a TCP tunnel over SSH.
See here: http://www.spencerstirling.com/computergeek/sshtunnel.html

Alternatively, you could create a TCP tunnel in C or something, but it wouldn't be encrypted.

stesh

Technicolour wrote: »

Set up a TCP tunnel over SSH.
See here: http://www.spencerstirling.com/computergeek/sshtunnel.html

Alternatively, you could create a TCP tunnel in C or something, but it wouldn't be encrypted.

FTP often doesn't play well SSH tunnels, since forwarding TCP 21 will only tunnel the control channel of the connection. TCP 20 is often (but not always) used as the data channel, so you will at least need to forward it also.

Why can't you use/why aren't you using SFTP?

Jonathan

Knasher wrote: »

If the FTP client you are using supports socks then you could use ssh

ssh -D 9999 username@german-server

.
Then set the ftp client to use the socks server at localhost:9999 and connect to the ftp server as you would if it were publicly accessible.

Yeah will work, but I was trying to avoid having to get them to edit the proxy settings as it might mess up other ftp connections they might use.

Technicolour wrote: »

Set up a TCP tunnel over SSH.
See here: http://www.spencerstirling.com/computergeek/sshtunnel.html

Alternatively, you could create a TCP tunnel in C or something, but it wouldn't be encrypted.

That's what I posted above.

frost

Jonathan wrote: »

ssh user@hetzner.de -L2121:remotebackup:21 -L2120:remotebackup:20

Ok I tried that with both ports and get the same result "Connection timed out"

croo

That is, we can't FTP to it from anywhere else, like our iMacs sitting here in Ireland.

If you can ssh into the box surely you can scp with it?
And most ftp clients allow you to select ssh as the protocol, so then you can just use an ftp client on your imac and pull down the files as you preferred.

frost

croo wrote: »

If you can ssh into the box surely you can scp with it?
And most ftp clients allow you to select ssh as the protocol, so then you can just use an ftp client on your imac and pull down the files as you preferred.

no there's two different boxes. i can access the web server directly from my imac, but i CAN'T access the BACKUP server from here.

Jonathan

frost wrote: »

no there's two different boxes. i can access the web server directly from my imac, but i CAN'T access the BACKUP server from here.

But can you scp from your hetzner box to your remotebackup box?

stesh

frost wrote: »

no there's two different boxes. i can access the web server directly from my imac, but i CAN'T access the BACKUP server from here.

Can you get ssh to the backup server from the web server?

Then

sftp -oProxyCommand="ssh webserver nc -w 1 %h %p" backupserver

frost

croo wrote: »

If you can ssh into the box surely you can scp with it?
And most ftp clients allow you to select ssh as the protocol, so then you can just use an ftp client on your imac and pull down the files as you preferred.

Sorry, I'm not that familiar with Linux and misunderstood you.
Can you explain a bit more what exactly I would do from start to finish on my Mac?

MacGyver

what about having something like http://www.ajaxplorer.info/wordpress/ on your accessible server and set it up to connect to the remote server. None of that may make sense if ive misunderstood what you requested

croo

frost wrote: »

no there's two different boxes. i can access the web server directly from my imac, but i CAN'T access the BACKUP server from here.

I understand now. I had misunderstood. My bad. I thought you might be able use something like filezilla to use the ssh protocol to go direct to the backup server.

You say from the webserver there is only ftp access to the backup server... there is definitely no ssh between webserver and backup? Because if there is then stesh's proposal re the proxycommand looks like the best option. Though I don't know any ftp client that supports it so it might still be a command line solution.

Check this link for a good explanation of what stesh is proposing
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
SSHMenu is an open source app but just ignore it... the bit we are interested in is how the article proposes to use the ./ssh/config simplify access.

I note from it that under ubuntu the nautilis file manager supports ssh urls perhaps there is something similar on a mac... I've never used one so can't say.

PS. this might help with making the ssh easier to use with the GUI http://superjared.com/entry/mount-ssh-connection-os-x/

Knasher

Jonathan wrote: »

Yeah will work, but I was trying to avoid having to get them to edit the proxy settings as it might mess up other ftp connections they might use.

Then I'd suggest they use two different ftp clients, one just for the backup server and one generically.

Failing that as you have root access another option would be to mount the ftp server into a folder on the web server and then scp into that folder as you normally would. I've never used the ftp fuse module so I'm not sure if it keeps the connection constantly open or just when you are accessing it. If it is constant then the company might find it objectionable.

frost

MacGyver wrote: »

what about having something like http://www.ajaxplorer.info/wordpress/ on your accessible server and set it up to connect to the remote server.

That worked! Brilliant, all GUI.

Thanks to all on the thread, I appreciate your time and effort in figuring out ways to do this.