Windows FTP over SSH

We have quite a lot of scripts that are used to upload and download files with a vendor on the Internet using the Windows supplied ftp.exe. This is proxied via SideWinder and is FTP out to the vendor, however they support SFTP.

We make use of ftp -s:filename which Specifies a text file containing FTP commands; the commands will automatically run after FTP starts.

ftp -n -s:dir\filename.ftp proxy.example.com

What we would like to do is tunnel this over the Windows supplied ssh.exe so that we can eliminate the SideWinder proxy and continue to use the existing filename files for the FTP commands.

Is this possible using the Windows supplied ssh.exe and ftp.exe and what would be the configuration?

I do know that there are SFTP programs out there for free. We're trying accomplish this with minimal changes to the existing system. Hopefully it is as simple as an SSH connection in the script prior to the FTP connection and operations.


Solution 1:

I know this is not the answer you want, but I strongly recommend switching to SFTP.

First of all, SFTP is a different protocol, it's not just FTP over an SSH tunnel. So proxying ftp.exe over ssh.exe won't work, unless you want to access an FTP server behind an SSH tunnel.

Personally, I'd recommend switching to WinSCP, it's free, it has a very good Powershell support, so you could easily write a PowerShell script to parse your current file and execute the required commands using WinSCP instead.

Solution 2:

SFTP isn't quite the same as just tunneling FTP inside SSH, its actually an extension to the SSH protocol.

In theory, an FTP connection to a host could be tunneled via a separate SSH tunnel. To do this, you should first establish a tunneled network connection to the server with the ssh.exe and then use the existing commands for ftp.exe to do your file transfers. This would however make the system rather complicated.

I'd recommend using an SFTP client instead. This way the secure filetransfer can be done with a single command. The existing text files for FTP commands may require some updating though, as not all FTP commands are the same for SFTP.

There are several 3rd party SFTP clients available and recent Windows versions even have OpenSSH client as an optional feature.

If you don't mind using SSH keys for authentication, I'd just use the built-in OpenSSH SFTP client:

sftp.exe -b sftp-commands.txt example.com

If using SSH keys is not an option, another popular client is WinSCP, which also supports password authentication. There is even a guide for converting old ftp.exe batch commands for WinSCP and SFTP.

Also, even if the vendor's server supports SFTP it doesn't necessarily mean that it also supports all SSH features. Though SFTP uses SSH as its underlying protocol, many SFTP providers restrict SSH to only SFTP usage due to security reasons. This could effectively rule out the use of separate SSH tunneling for FTP.