TechNote

Creating an SSH tunnel for secure authentication (Windows)

The Macromedia Dreamweaver FTP client can be used in conjunction with third-party Secure Shell (SSH) programs to provide secure authentication. For more background information about the SSH protocol and related technologies, see SSH and SSL encryption for FTP connections (TechNote 16159).

Important: This TechNote will not be beneficial for Dreamweaver MX 2004 customers, as Dreamweaver MX 2004 uses Secure FTP (SFTP) to transfer usernames and passwords securely across the network. In addition, SFTP in Dreamweaver MX 2004 also encrypts file contents during transfers. Unlike Dreamweaver MX's implementation of FTP over SSH, Dreamweaver MX 2004's implementation of SFTP requires no special configuration beyondchecking the SFTP option in the site definition dialog box.

Note: If you are unsure about which encryption protocol you should use, contact your server administrator or your Internet Service Provider for additional information. Macromedia does not provide support for third-party products; if you need additional information about your third-party product (beyond what is provided in this TechNote), consult the product's manufacturer, the manufacturer's website, or the software documentation.

Using PuTTY and the Dreamweaver FTP client together to provide secure authentication

This TechNote outlines the steps involved in setting up an SSH client on Windows and then configuring Dreamweaver to work with this SSH client for secure authentication. In the method described in this TechNote, the SSH client first establishes the secure connection (the "tunnel") and then the files are transferred using the Dreamweaver Site window. Note that this method provides encryption of login and password information only. Site files will be transferred as plain text. Due to improved SSH integration in Dreamweaver MX, separate configuration of the SSH client is no longer required. If using Dreamweaver MX, please refer to theDreamweaver MX specific instructions below.

Note: The method suggested in this TechNote requires that the server be configured to support FTP.

Below you will find information on preparing, configuring, and troubleshooting SSH for use with Dreamweaver:

• Initial preparation
• Setting up the secure tunnel in PuTTY
• Setting up the Dreamweaver FTP client
• Using SSH in Dreamweaver MX
• Determining if a port is available
• Troubleshooting FTP error messages
• Third party software for additional security

Initial preparation

The following items are prerequisites if you intend to use an SSH client and Dreamweaver's (versions 1 to 4) FTP client together. For Dreamweaver MX specific instructions, please see Using SSH in Dreamweaver MX below.

• An SSH client that supports SSH port forwarding
  In order to create the tunnel, you need an SSH client that supports SSH port forwarding. Although there are several commercial and shareware SSH clients to choose from, this TechNote uses PuTTY, which is available for download at the PuTTY website.
• A login account on an SSH server:
  Before attempting to follow the steps below, you will need an SSH account on the remote web server. Consult your Internet service provider (ISP) or server administrator to set up the SSH login account.

Setting up the tunnel in PuTTY

1. Download Putty and save the .exe file to the local hard drive.
2. Locate the putty.exe file and launch the software by double-clicking the icon. This will launch the PuTTY Configuration dialog box.
3. Click the Session category. In this category do the following:
   1. Type the host name or IP address of the web server that is running SSH in the Host Name text box.
   2. Select the SSH protocol option.
   3. Name the session in the Saved Sessions field.
   4. Click Save.
   
4. Click the Connection category and then expand the SSH category and select Tunnels. In the Tunnels subcategory you will enter the Source port (local port) and destination information:
   1. In the Source port field, enter an arbitrary local port number that is not in use (see Determining if a port is available for more information). An example of a Source port would be: 2021
   2. In the Destination text box type the host name or IP address followed by a colon (:) and the FTP port number (port 21 is the default FTP port). An example of a Destination information would be: 12.02.0.10:21
   3. Make sure the 'Local' option is selected.
   4. Click Add.
   
5. Click the Sessions category and then click Save to save tunnel settings for the session.
6. Click Open to start an SSH session. Enter your user name and password when prompted. In order to FTP through the SSH tunnel using Dreamweaver, an SSH session must be in progress.

   Note: A message may appear when connecting to a host for the first time. This warning occurs when connecting to a new host. This warning can also occur when changes have been made to a previously saved connection.

Setting up the Dreamweaver FTP client

1. Select Site > Define Sites to open the Site Definition dialog box. Select the desired site and click Edit.
2. Click the Remote Info category. Click the Access pop-up menu to select FTP as the access type. In the FTP Host field, enter: localhost:2021.

   In the Host Directory text box, enter the path to the directory that contains the remote site files. This entry will be the same as if you were connecting directly using FTP.

   
3. Select the "Use Passive FTP" option.
4. Click OK to save the changes. Click Done on the Define Sites dialog box.
5. Click the connect icon in the Site window to connect to the remote site.

   Note: It is important to remember to exit the SSH session when the desired FTP file transfer is complete. If the SSH session has not been terminated, an active connection with the SSH server will still exist. To end the SSH session, type "exit" in the Putty window.

Using SSH in Dreamweaver MX

1. Download PuTTY (putty.exe) and PLink (plink.exe) from the link below:

   PuTTY and SSH integration with Dreamweaver MX

   Note: For added security, there are some third parties that can be used in place of PuTTY and PLink. To learn more about these software, click here.

2. Create a new folder in the configuration folder which is at the root of the Dreamweaver MX application folder. Name this folder"SSH". For example: C:\Program Files\Macromedia\Dreamweaver MX\configuration\SSH.
3. Place copies of the PuTTY and PLink executables in the new"SSH" folder.
4. Select Site > Edit Sites to open the Edit Sites dialog box. Select the desired site and click Edit. Select the Advanced tab, choose the Remote Info category and enter the following information:
   1. Choose FTP in the Access pop-up menu.
   2. In the FTP host field, enter the host name or IP address of the server to which you would like to connect.
   3. In the Host Directory text box, enter the path to the directory that contains the remote site files. This entry will be the same as if you were connecting directly using FTP.
   4. Check the "Use SSH encrypted secure login" checkbox.

      Note: Choosing this option will automatically enable Passive mode and the Use Passive mode option will be selected. Although this option can be deselected, Passive Mode is required when using SSH on Windows.

   By default, Dreamweaver MX uses port 2000 as the local port number when creating the SSH tunnel. To specify a different port number, enter the desired number in the Port Number field. For more information about how to choose a port number, please see Determining if a port is available.
5. Click OK to close the Site Definition dialog box then click Done to close the Edit Sites dialog. Click the connect icon.
6. A command window will appear, prompting you to enter a username and password to create the SSH session. After entering username and password, click OK in the Dreamweaver dialog box that appears to confirm that SSH login is complete. Dreamweaver will then connect automatically using FTP.

   When disconnecting, a dialog will appear:

   "An FTP session for (name of site) has been closed, reset or canceled. If this failure occurred while attempting to connect, it may be due to an unsuccessful SSH login attempt. Do you want to terminate the SSH session?"

   Although this dialog can appear as the result of an unsuccessful attempt to create an SSH session, it will also appear each time an FTP session is closed or if the FTP connection has timed out. To re-establish the FTP connection, click the connection icon. If an SSH session is still open, you will have the option of using the open session. If no SSH session is open, a command line window will appear prompting you to enter your login and password.

Determining if a port is available

1. Locate the Services file and open it with a text editor such as Notepad. The path to this file will vary depending on the version of Windows in use.

    Windows XP:          C:\windows\system32\drivers\etc\services  Windows NT and Windows 2000:          C:\winnt\system32\drivers\etc\services  Windows 9x and Windows ME:          C:\windows\services 

2. Right-click on the Services file and choose Open With from the contextual menu.
3. In the Open With dialog box, choose a text editing application such as Notepad to open this file.
4. Review the list of port numbers that are in use to determine which ports are available.

Troubleshooting a potential FTP error message

When you attempt to transfer files through an SSH tunnel, the following error message may appear:

An FTP error occurred - cannot get remote folder information. 425 possible PASV port theft, cannot open data connection.

This error is common and occurs due to restrictions on the FTP server. To prevent this error, consult the FTP server configuration instructions or speak to the server administrator or ISP. Configuration will differ depending on the FTP server used:

• If you are using the ProFTPD FTP server, add the "AllowForeignAddress on" directive to the Virtual Address section of the configuration file.
• If using the WU-FTPD FTP server, add the following lines to the configuration file:

  pasv-allow all + valid IP address
  port-allow all + valid IP address

• If using another FTP server, please consult configuration documentation or speak to your server administrator or ISP.

Third party software for additional security

If you require additional encryption when transferring files, third party software compatible with Dreamweaver is available for purchase. One of these products is South River Technologies'WebDrive, which supports FTP, WebDAV and FrontPage access. If FTP is used with SSH within WebDrive, the connection will be secure. Refer to WebDrive's website for full details on what is encrypted during FTP transmissions. The following steps will help you setup WebDrive for use with Dreamweaver.

1. Launch WebDrive and click the New Site button to create a new profile in WebDrive. A wizard will appear that will walk you through the site setup. Once the site is initially setup, it should look similar to the screen shot below:

   

   The Server Type should be set to FTP. The Drive should be set to a drive letter that is available to you. In the example above, W: was chosen arbitrarily. The Anonymous/Public Logon checkbox should be unchecked.

2. Next, click the Advanced button. The next several screen shots show some of the Advanced settings. The first screenshot is of the Advanced tab:

   

   The Root Directory should be set to: /usr/local/apache/htdocs
   (The root directory of the Apache Web Server. In this case, when the FTP account connects to the web server, the default home directory is set to /home/username. Therefore, the Root Directory must be set so that once connected to the FTP server, it immediately redirects to the directory: /usr/local/apache/htdocs.)

3. Click the FTP tab, as shown below:

   

   The "Convert Upload File Names To:" setting should be set to"Don't Convert". You do not want to change the filename when uploading files to the server.

4. Next, click the Encryption tab, as shown below:

   

   The FTP Method should be set to "SSH". The "SSH URL / Address" should be set to the name of the server where SSH is running. This information will be used to connect to the FTP server securely.

5. Click the OK button to exit out of the Advanced settings. You should now be back at the main WebDrive dialog box, as depicted in the first screen shot above. You can now click the Connect button to connect to the FTP server using the SSH connection.

If the connection is made successfully, the W: drive will be available for use. The W: drive is very similar to any shared drive/folder that you map to on your LAN. It can be accessed using Windows Explorer, which means files can be dragged to-and-from folder-to-folder. The connection remains active until you disconnect. Next you need to configure Dreamweaver MX to use the W: drive (or which ever drive you selected). In Dreamweaver's site definition, in both the Remote Info and Testing Server categories, set the Access to Local/Network and set both the Remote Folder and the Testing Server Folder to the W: drive.

For those of you who use Macintosh OS 9 or higher, there is an application called Interarchy by Kagi that is available to create a secure connection between your workstation and your FTP server. Unfortunately, we have not evaluated this application.

Note: Every time you connect to the FTP server with WebDrive, you should use the drive letter you selected originally, because the Dreamweaver site definition will have that drive letter hard coded in it. Otherwise, you will need to edit your Dreamweaver site definition and change the drive letter there.

Note: Macromedia does not provide support for WebDrive or Interarchy. If you need help configuring or would like to evaluate WebDrive or Interarchy, please visit their websites at http://www.webdrive.com/ or http://www.interarchy.com.

Additional information

To learn more about secure file transfer options, please see:

• SSH and SSL encryption for FTP connections (TechNote 16159)
• Creating an SSH tunnel for secure authentication (Macintosh) (TechNote 16143)

For more information about configuring the Dreamweaver FTP client, see Setting up Dreamweaver's FTP connection (TechNote 14787).

Third party links
Although links to external websites are provided as a resource, the websites are not part of Macromedia. Please see Macromedia's policy regarding links to third party websites in the Legal Notices and Information section. Pages to external ebsites will open in a new browser window.

Search Support

---