Setting Up An FTP to SFTP Tunnel
Accessing SFTP-Only servers with normal FTP clients
When you need to transfer files to or from a server, FTP has traditionally been the tool of choice. However, because it sends your userid and password (and the content) across the network in plain text, it is highly insecure. Duke requires that servers run SFTP instead, which encrypts all traffic between you and the server.
While SFTP-capable clients are widely available (SSH.com, Filezilla, MacSFTP, sftp on *nix), publishing programs like FrontPage and Dreamweaver have been slow to adopt it. Instead they still require you to use FTP to update your website.
To get around this, you must set up an FTP to SFTP tunnel. This allows FTP clients to send and receive data over SFTP.
The software that allows you to do this is called MindTerm and can be downloaded from AppGate Software. This is a Java-based client, so it can be run on any platform.
You will also need to ensure you have a recent Java Runtime Environment from Sun Microsystems. We recommend the latest v1.3.1 JRE, which can be downloaded here. NOTE: Most recent systems already have a usable JRE installed. Only upgrade your JRE if you have trouble running MindTerm.
Unzip/Untar the mindterm software and store it in the following directory:
Windows 2K and up: "C:\Documents and Settings\(userid)\mindterm"
Mac OS X: TBD
*nix: ~/mindterm
You will need to create a preferences file that describes the tunnel you wish to create. All configuration files must be saved in the mindterm folder you created above. Give the file a simple name, since you can have more than one tunnel config file and you choose them by name. In this case, we'll use "prattweb.mtp". The file name MUST end with .mtp.
The syntax for prattweb.mtp would be:
# MindTerm SFTP Tunnel config file for PrattWeb
sftpbridge-port=2023
username=prattweb
sftpbridge-host=localhost
protocol=auto
server=www.pratt.duke.edu
In your file, replace 'prattweb' with your account userid. If you are setting up a tunnel for a server other than prattweb, change the 'server' setting to the hostname of the SFTP server you need to access.
The port number can be any port number > 1024. You can have multiple tunnels up at once, so choose a unique port number for each tunnel config you create. So if you have 3 SFTP servers you access a lot, they should use 3 different port numbers.
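A checker for the tunnel config files described above, as an added example that is not part of the original page or of MindTerm: it parses each .mtp file and reports bridge ports that are not above 1024 or are shared between tunnels, and a bridge host other than the local machine. It assumes sftpbridge-host is the address the bridge listens on; the function names and the research.mtp and staging.mtp samples are constructed for illustration.

```python
import ipaddress
from pathlib import Path

def parse_mtp(text):
    """Read key=value settings, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def is_loopback(host):
    """True for localhost or a loopback IP; other names count as exposed."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def check_tunnels(configs):
    """configs maps file name -> file text; returns findings in name order."""
    findings, ports = [], {}
    for name, text in sorted(configs.items()):
        cfg = parse_mtp(text)
        port = cfg.get("sftpbridge-port", "")
        if not port.isdecimal() or not 1024 < int(port) <= 65535:
            findings.append(f"{name}: sftpbridge-port must be 1025-65535")
        elif int(port) in ports:
            findings.append(f"{name}: port {port} already used by {ports[int(port)]}")
        else:
            ports[int(port)] = name
        # Assumption: sftpbridge-host is the address the bridge listens on.
        if not is_loopback(cfg.get("sftpbridge-host", "")):
            findings.append(f"{name}: sftpbridge-host is not the local machine")
    return findings

def check_directory(folder):
    """Check every .mtp file saved in the mindterm folder."""
    return check_tunnels({p.name: p.read_text() for p in Path(folder).glob("*.mtp")})

# The page's prattweb.mtp settings, followed by constructed samples:
# a port clash and a privileged, network-facing bridge.
PRATTWEB = ("sftpbridge-port=2023\nusername=prattweb\nsftpbridge-host=localhost\n"
            "protocol=auto\nserver=www.pratt.duke.edu\n")
SAMPLE = {"prattweb.mtp": PRATTWEB,
          "research.mtp": PRATTWEB.replace("www.pratt.duke.edu", "sftp.example.org"),
          "staging.mtp": "sftpbridge-port=21\nsftpbridge-host=0.0.0.0\n"}

if __name__ == "__main__":
    print("\n".join(check_tunnels(SAMPLE)) or "no findings")
```

Call check_directory with the path of your mindterm folder to check the files you have actually saved; an empty list means no findings.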
Once you have saved this file, you are ready to start up the tunnel. Note that you only configure things once; after that you only have to perform the following steps to establish the tunnel.
Find the 'mindterm.jar' file and either double-click it (Windows/Mac) or run it using java -jar mindterm.jar (*nix).
This will bring up the MindTerm window. Enter the name of the config file without the .mtp suffix when asked for "SSH Server/Alias".
If MindTerm can connect, you will be prompted for a userid and password.
If this is the first time you connect to a server, you will be prompted to accept it into your 'list of known hosts'. Click Yes. If you log in successfully, you will get a popup saying 'Starting ftp to sftp bridge on localhost:xxxx' where xxxx is the port number you chose.
You now have a working FTP to SFTP tunnel. As long as MindTerm is running, the tunnel can be used (i.e. you don't have to log in every time you transfer files - only when you log out/restart).
Now you need to set up your client. For example, in Dreamweaver you select 'FTP' for the remote access type and, instead of the server hostname, you put localhost:xxxx where xxxx is the unique port you chose. The userid and PW aren't necessary as you already logged in with the tunnel. Set the userid to Anonymous if you like.
For any other FTP client, simply use the following information:
UserID: anonymous
Host: localhost:xxxx
Port: 21
Note that tunnels stay up until you close them or log out. Leaving a tunnel up while you are away from your computer is insecure if your workstation isn't secured with a screensaver password, etc. Someone could sit at your workstation and access files over the established tunnel.
That's it! You can now use any FTP client or FTP-enabled application to access SFTP-Only resources!
