Hello.
I want my users connecting to FTP service via SSH. Is it possible? I mean is that I write rule that when users SSH to my server and Authentication then they forward to FTP automatically.

Thank you.

Why not just use SFTP instead of making things difficult for yourself?

1 members found this post helpful.

Not easily.
https://docstore.mik.ua/orelly/netwo...sh/ch11_02.htm

SFTP was developed for that.

jlinkels

Do I understand the you run the FTP server and you want to let SSH users access it? Can't you serve up the same directory with both FTP and SSH? That way, there would be no special setup, just two daemons serving content as usual. And SSH automatically gives you SFTP.

you COULD create an ssh tunnel for ftp, however it would be more efficient to just use SFTP as has been stated prior, since SFTP clients exist for almost any conceivable operating system, and the SFTP daemon is installed alongside the SSH daemon (part of the openSSH package)

Use SFTP, if you already have ssh why bother with another protocol?
SFTP is hands down better, it is secure by design and uses only 1 port, very easy to NAT.

1 members found this post helpful.

Or maybe FTPS. http://opensourceforu.com/2015/03/se...rver-in-linux/

Is "SFTP" the most secure FTP daemon?
If I want do it then what is the iptables rules?

Nope. SFTP is not an FTP daemon at all, it is an entirely different protocol from FTP. Only the name bears some similarity. It is the secure way to transfer files, however, if that's what you'r asking.

SFTP operates over SSH so if your iptables rules allow SSH, then SFTP will work via the SSH daemon with no additional firewall rule changes needed. If you wish to turn off SFTP and leave just SSH, that is possible. If you wish to turn off the interactive shell in SSH and leave just SFTP that it possible, too.

FTPS = Secure FTP = FTP file transfer with an added encryption layer. Since this is an add-on certain software implementations can have issues (i have seen it fail quite a few times).
SFTP = Secure Shell File Transfer Protocol = file transfer using the SSH protocol. It is a built in component of SSH (it is enabled by default on desktop on Linux/Mac and nowadays smarter switches/routers use it too). It is secure by design and it is more easily manageable than FTP from the network point of view (the data is transferred over the same SSH port).

SFTP is what I would recommend – or, better yet, rsync --rsh=ssh.

These protocols use an SSH connection to secure the file transfer. "rsync" has the added advantage of being a synchronization engine. (Point it at two directories and tell it, "make them the same.")

Now, for routine connections among systems that just happen to be connected to the Internet, I would use OpenVPN with the tls-auth to build a "Dwarvish Door" between the two machines. This is a completely secure connection which cannot be detected(!) by those who would conspire to do mischief. The remote system appears to be connected to your internal network, yet everything that passes between the two machines is encrypted with no further attention needed from you.

OpenVPN in this capacity acts as a cryptographically secure TCP/IP router. (Or, bridge.) It exposes no "open ports" and ignores a strangers' attempts to talk to it. You might still use SSH for the convenience of password-free connections but you would not expose your SSH daemon to the outside world: only users of the OpenVPN tunnel could see it. ("Number of unauthorized access attempts: Zero.")