FTP (File Transfer Protocol) has long been the standard method for transferring files to and from a Unix server. FTP lets you transfer files from anywhere on the Internet. The problem with FTP is that it is not secure. In particular, it sends passwords in clear text, making them susceptible to hacking. To secure FTP transactions to an Amherst Unix server, you need to "tunnel" FTP through a secure connection to the server. The process is actually quite painless and will keep your file transfers from compromising the security of your Unix account.
To use the tunnel you need to have installed a Secure Shell (SSH) client. The College provides an SSH client for Windows; click here to learn how to install and configure the Windows SSH client.
The procedure to create a secure tunnel for FTP involves one-time setups of both the SSH client and WS_FTP, the free FTP client you can install from the WinSoft network drive (a.k.a. the "K" drive). Thereafter, you simply connect using the SSH client before you start an FTP transfer.
You create the secure tunnel by creating a new Profile in the SSH client.
- Run the SSH Client (go to Start/Programs/SSH Secure Shell and select Secure Shell Client). Click Profiles, then Add Profile.
- Enter a name--such as Tunnel to Unix--for the profile and click the Add Current Connection to Profile button.
- Click Profiles, then Edit Profiles.
- Select the profile you just created. Under the connections tab, for Host Name, enter romulus.amherst.edu. For User Name, enter your Amherst username. The Port Number should be 22.
- Under the Tunneling tab, be sure Outgoing is selected, and click Add.
- Setup your New Outgoing Tunnel as shown above. Make sure Allow Local Connections Only is checked. Then click OK.
- Click OK when you return to the Profile window.
- To initiate the secure tunnel, select it from Profiles. The first time you use the tunnel, you'll be asked to save a key to a local database. Click Yes, then enter your password when prompted. You've now established a secure tunnel to the Unix server that you can use to secure your FTP communications. You can now minimize the SSH window.In future, simply select the tunnel profile when you want to reestablish the tunnel.
- Your SSH tunnel must remain open for FTP Clients to utilize the tunnel. Do not close it until you have finished transferring files.
- Launch WS_FTP and click the Connect button (on the lower left of the window). Click New. In Profile Name, enter a descriptive name such as Secure FTP. Enter localhost for the Host Name/Address. Host type should be Automatic detect. In User ID and Password, enter your Amherst username and password of the account you want to connect to. This could be your personal account or a department or organizational account.
- Click the Advanced tab. Make sure the Remote Port is 21 and put a check next to Passive transfers.
- Click Apply, then OK to initiate the connection. If your SSH tunnel is active, you will get a screen like the one below. From here, you can transfer files between your local computer on the left and the Unix account on the right.
- When your finished transferring files, click the Close button. In future, click Connect in WS_FTP and then select the profile you just created in order to secure your FTP transfers.
To summarize, the procedure for securing your FTP transfers is:
- Launch the SSH client; select the tunnel profile; and log onto your Amherst account.
- Minimize the SSH client. Launch WS_FTP; if the session window doesn't appear, click Connect; select the Secure FTP profile; and click OK. After connecting, perform the file transfers.
- Close the connection and exit WS_FTP. Maximize the SSH client. Type exit in the window to close the tunnel.