You are on page 1of 3

How to transfer files over an SSH connection

This HOWTO focuses on the situation where the user connects from a Windows machi
ne using TeraTerm with the SSH extension. The server is assumed be a Unix-like m
achine which will only accept SSH connections from the client.
In most of the examples, the server is assumed to be named "remote," the local m
achine to be named "local," and the file to be named "foo."
Samba
This ducks the entire issue. For a permanent installation, Samba is the way to g
o. Samba is a fantastically useful program which allows files residing on a unix
machine to be shared with Windows machines. The Unix machine will appear in the
Network Neighborhood, and fine-grained control is available to select which fil
es are available to which users. Printing support is also provided. Samba has to
be installed by the system administrator. Be sure to run NT service pack 3 or a
bove, Windows 98, or recent upgrades to Windows 95, otherwise your password will
be leaked to the network. Also, be sure to enable encrypted passwords in Samba,
otherwise it will not be able to talk to the Windows clients.
Samba can be installed by your system administrator
SCP
If you're connecting from a unix-like machine to a unix-like machine, this HOWTO
is not for you. Your situation is much easier. Use the command "scp" which is a
nalogous to the more common "rcp." If you want to copy the file "foo" to the mac
hine "remote" you would issue the following command:
scp foo remote:
Note the colon at the end of the line. If you omit the colon, you will just make
a local copy of the file named "remote."
See the man page on scp for more information.
Modem-Style Transfer Programs
One way to transfer files over an SSH connection is to use modem-to-modem transf
er protocols like kermit or xmodem. This is probably the easiest to set up. All
the communication which would normally take place between two modems is piped th
rough the SSH connection. There's a lot of extra overhead to this technique, so
it may not be the best for large files over slow connections.
Of the available options, ZModem is probably the easiest to use.
ZModem: Uploading Local to Remote
From the command line on the remote machine, type "sz filename" You can specify
multiple filenames on the same command line. You will see some garbage appear o
n the screen. This is the sz program waiting to hear the correct response. Your
screen will look approximately like this:
[zager@marge zager]$ sz foo
*B00000000000000
From the File menu in TeraTerm, select Transfer|ZMODEM|Receive. The file transfe
r should begin.
ZModem: Downloading Remote to Local
From the command line, type "rz" You do not need to specify a filename. rz will
produce some garbage on the screen. Your screen will look approximately like th

is.
[zager@marge zager]$ rz
z waiting to receive.**B0100000023be50
From the File menu in TeraTerm, select Transfer|ZMODEM|Send... You should see a
standard Windows file selection dialog. Select the file(s) you would like to sen
d, click the "Open" button. The transfer should start
If something goes wrong with the transfer, sz and rz should both time out eventu
ally. Pressing Control-C, Control-Z, and otherwise pounding on the keyboard has
little effect.
sz and rz are programs which can be installed and run as a regular user. No spec
ial priviledges are required.
FTP
It is much harder to
do this is that you
enjoy using, and use
e encouraged to take
Overview

configure FTP to work over an SSH connection. The reason to


have some nifty graphical FTP clients on your PC which you
often. That will make it worth the setup. Otherwise, you ar
a second look at the section above.

The SSH protocol includes a feature known as "port-forwarding." This allows a ne


twork connection which looks like it begins at one end of the SSH connection to
be sent through SSH to the remote end, and passed on elsewhere. We will tell the
LOCAL machine to listen for an ftp connection, then forward that connection to
the REMOTE machine. Then, to make use of this new link, we will tell our FTP cli
ent to connect to the LOCAL machine instead of the REMOTE one.
Preconditions
The remote server must be configured to allow ftp connections from itself, even
though it does not allow connections from the outside world. The system administ
rator will have to do this. It may also be possible for you to run your own rene
gade ftp server on a non-priviledged port.
Your ftp client must support passive mode. The default ftp clients in Windows 95
and Windows NT do not support passive mode. The fancier ftp programs generally
do. Internet Neighborhood, available at http://www.knoware.com is a nice ftp pro
gram which does support passive mode.
You must have the SSH plug-in version 1.4 or higher. Maybe version 1.3 would wor
k, I never saw it. But version 1.2 does not support port forwarding.
Configuring TeraTerm-SSH
Select the TeraTerm menu option Setup|SSH Forwarding... If you do not have an op
tion "SSH Forwarding..." under your Setup menu, then you need to upgrade your ve
rsion of the SSH plugin.
Click on the Add button
Forward from the local port "ftp" to the remote machine "remote" , port "ftp."
Click on the Ok button
The "Port Forwarding" list should now have one entry: "Local 21 (ftp) to remote
"remote" port 21 (ftp)."
Click on the Ok button
Select the menu option Setup|Save Setup... to make your changes permanent.
Configuring your FTP Client
The particulars of how to do this will vary with your FTP client. But there are
two major steps:
Tell your ftp client that you want to connect to "localhost" This is counterintu
itive. Remember, the port forwarding is going to magically transmit this connect
ion to the other end, so it's ok.
Tell your ftp client to use passive mode. This may be under settings labeled "ad
vanced" or "firewall." If you are able to log in with your username and password

, but are not able to transmit any data, then you have not enabled passive mode.
Once you have done these two steps, you should be able to use the ftp client nor
mally to connect to the remote site.
Special Case: Running an FTP server on the Client
If you are already running an FTP server on the client, then you have a couple e
xtra steps to do. SSH will not be able to set up its port forwarding since your
ftp server will already have control of the ftp port. The solution is to use a n
on-standard port for the ftp connection.
When configuring Tera-Term SSH, instead of forwarding from the port "ftp," pick
a free port. You really should check what ports are free, but a number like 5432
1 might be safe. The number should be over 1000 and less than 65536.
When configuring the FTP client, look for a "port" option and set that to the sa
me port as you set for SSH. This is likely be be near where you set the name of
the machine to which you connect. (Which you set to "localhost," right?) There i
s also probably a "port" option near firewall settings, but this is probably not
what you're after.
Other Tricks
Forwarding Mail Connections
The standard POP and IMAP mail protocols blab your username and password in clea
rtext, just like ftp would. If you use mail programs like Eudora, Outlook, or Ne
tscape Messenger, your password is probably being leaked. You can do a similar t
rick of forwarding POP, POP3, or IMAP traffic through SSH to secure these connec
tions. Note that you will need to have an SSH window open to the server in order
to check your mail.