Dovetailed Technologies

1. Introduction

Despite its popularity, the venerable FTP protocol can be difficult to implement securely[1]. With traditional FTP, userids, passwords, and data are sent in the clear over the network. FTPS (FTP over SSL or TLS) is one solution, but can be difficult to implement in the presence of some firewalls and NAT routers since FTP creates separate data connections to dynamically determined ports. SFTP, part of the SSH protocol stack, is an alternative but conversion of existing jobs and systems from FTP to SFTP can be prohibitive.

The Co:Z FTP-SSH Proxy is another alternative: it implements FTP over SSH without SFTP[2]. The existing FTP client and server remain unchanged except that the client is configured to use Co:Z FTP-SSH as a SOCKS5 proxy.[3] Co:Z FTP-SSH dynamically proxies FTP connections over SSH to an SSHD server running on the target host. The required client changes can be made without affecting existing FTP jobs or scripts. In addition, since all connections between the client and server are tunneled through a single secure SSH connection, the firewall and NAT router difficulties that commonly plague FTPS (FTP over SSL or TLS) are avoided.

Figure 1.1. Co:Z FTP-SSH Proxy

Co:Z FTP-SSH Proxy

1.1 Features

  • Works transparently with most FTP clients that support SOCKS5 proxies, including z/OS.

  • Works transparently with existing FTP servers. No changes are required on the server host if it is already running SSH.

  • Co:Z FTP-SSH Proxy is 100% pure Java and compatible with Java 1.4 or above. It may be run on z/OS or on other Java platforms and on z/OS it exploits zAAP engines.

  • Simple to install, configure, and use.

  • Available free in under the Apache V2 license.

1.2 System Requirements

  • Java SDK version 1.4 or later

  • FTP client with SOCKS 5 support

Copyright© 2009-2017 Dovetailed Technologies, LLC. All rights reserved.
Co:Z® is a registered trademark of Dovetailed Technologies, LLC.