TechNote

Creating an SSH tunnel for secure authentication (Macintosh)

The Macromedia Dreamweaver FTP client can be used in conjunction with third-party Secure Shell (SSH) software to provide secure authentication. For more background information about the SSH protocol and related technologies, see SSH and SSL encryption for FTP connections (TechNote tn_16159).

Important: This TechNote will not be beneficial for Dreamweaver MX 2004 customers, as Dreamweaver MX 2004 now includes Secure FTP (SFTP) capabilities, supporting the OpenSSH 3.5p1 protocol to transfer usernames and passwords securely across a network. In addition, SFTP in Dreamweaver MX 2004 encrypts file content during transfers. Unlike Dreamweaver MX's implementation of FTP over SSH, Dreamweaver MX 2004's implementation of SFTP requires no special configuration beyond checking the SFTP option in the site definition dialog box.

Note: If you are unsure about which encryption protocol you should use, contact your server administrator or your Internet Service Provider for additional information. Macromedia does not provide support for third-party products; if you need additional information about your third-party product (beyond what is provided in this TechNote), consult the product's manufacturer, the manufacturer's website, or the software documentation.

Using MacSSH and the Dreamweaver FTP client together to provide password and authentication protection

This TechNote outlines the steps involved in setting up an SSH client on the Macintosh and then configuring Dreamweaver to work with this SSH client for secure authentication. In the method described in this TechNote, the SSH client first establishes the secure connection (the "tunnel") and then the files are transferred using the Dreamweaver Site window. Note that this method provides encryption of login and password information only. Site files will be transferred as plain text.

Below you will find information on preparing, configuring, and troubleshooting SSH for use with Dreamweaver:

• Initial preparation
• Setting up the secure tunnel in MacSSH (Dreamweaver 4/ Macintosh OS 9.x)
• Setting up the secure tunnel in Terminal (Dreamweaver MX / Macintosh OS X)
• Setting up the Dreamweaver FTP client
• Troubleshooting a potential FTP error message

Initial preparation

The following items are prerequisites if you intend to use an SSH client and Dreamweaver's (versions 1 to 4) FTP client together. For Dreamweaver MX specific instructions, please see Setting up the secure tunnel using Terminal below.

• An SSH client that supports SSH port forwarding
  In order to create the tunnel, an SSH client that supports SSH port forwarding is needed. Although there are several commercial and shareware SSH clients to choose from, this TechNote uses MacSSH forMacintosh OS 9.x users and Terminal for OS X users in the configuration examples. MacSSH is available for download from the MacSSH site. Terminal is a command line interface utility that is included in Macintosh OS X.
  
  Note for Macintosh OS X / Dreamweaver MX users: If using an SSH client that must be run in Classic mode, Dreamweaver MX must also be run in Classic mode in order for the programs to work properly together. In order to use Dreamweaver MX running natively on Macintosh OS X, a carbonized SSH client should be used. Terminal runs natively on Macintosh OS X and requires no additional software.
  
• A login account on an SSH server:
  Before attempting to follow the steps below, you will need an SSH account on the remote Web server. Consult your Internet Service Provider (ISP) or Server Administrator to set up the SSH login account.

Setting up the secure tunnel in MacSSH (Dreamweaver 4 / Macintosh OS 9.x)

1. Download and install MacSSH.
2. Launch MacSSH and choose Favorites > Edit Favorites. Click New to create a new favorite.
3. Click the General tab and type a name in the alias field. This will be the name of the shortcut used to access this connection in MacSSH.
4. In the Host Name text box, enter the IP address or host name of the web server that is running SSH. Enter "22" (the default SSH port) in the Port text box or select SSH from the pop-up menu.
5. Click the SSH2 tab. Select Local TCP port forward in the Method pop-up menu.
6. In the Local Port text box, enter an arbitrary local port number that is not in use (port 2021 is used in this TechNote and should work if not in use). In the Remote Host text box, enter the IP address or host name of the Web server that is running SSH. Enter the FTP port number in the Port text (port 21 is the default FTP port).
7. Click OK to save changes and open the connection by selecting the alias from the Favorites menu (choose Favorites >your alias). In order to FTP through the SSH tunnel using Dreamweaver, an SSH session must be in progress before transferring files in Dreamweaver. Proceed to Setting up the Dreamweaver FTP client for instructions for setting up the Dreamweaver FTP client.
   
   Note: A message, such as "Host key unknown," may appear when connecting to a host for the first time. This warning occurs when connecting to a new host. This warning can also occur when changes have been made to a previously-saved connection. Click Accept to continue.

Setting up the secure tunnel using Terminal (Dreamweaver MX / Macintosh OS X)

When using Terminal to create the SSH tunnel, you enter a command that forwards a specific local port to port 21. Because port 21 (the default FTP port) is a privileged port, changing this port setting requires super user access. Therefore, you must either log in as root to perform this change, or you must use the sudo command to call up super user access. We will be using the latter method in this example.

1. Open Terminal (Macintosh HD : Applications : Utilities : Terminal).
2. The command below provides an example of the SSH command that creates the tunnel. This code will need to be customized using the desired local port and remote host information. The part that must be customized is highlighted:

    sudo ssh -L local port number:hostname [or ip address:21]user@mysite.com 

   
   To customize the formula above, add a local port number (any available local port), remote host name and remote login info (login or username followed by "@" + host name and domain name):

    sudo ssh -L 2021:www.mysite.com:21 username@www.mysite.com 

   
   Note: This command must be entered as one line with no linebreaks.
3. After entering the command to create the tunnel, you will be prompted to enter the password for your local account. Type in your local account's password and press enter.
4. You will now be prompted to enter your password for the remote host. Type in the password and press enter.
   
   Note: A message, such as "Host key unknown", may appear when connecting to a host for the first time. This warning occurs when connecting to a new host. This warning can also occur when changes have been made to a previously-saved connection. Click Accept to continue.
   
   Proceed to Setting up the Dreamweaver FTP client.

Setting up the Dreamweaver FTP client

1. Choose Site > Define Sites (Dreamweaver 4) or Site > Edit Sites (Dreamweaver MX) to open the Site Definition dialog box. Select the desired site and then click Edit.
2. Select the Remote Info category and click the Access pop-up menu to select FTP. If using Dreamweaver MX, you must first select the Advanced tab in order to see the category list. In the FTP Host text box, enter: 127.0.0.1 followed by a colon (:) and the local port used in MacSSH (see step 6 of Setting up the secure tunnel in MacSSH).
   
   For example, the Host ID number will appear similar to:
   
   127.0.0.1:2021
   
   In the Host Directory text box, enter the path to the directory that contains the remote site files. This entry will be the same as if you were connecting directly using FTP alone.
   
   
   
3. Fill in the Login and Password fields.
4. Select the "Use passive FTP" option.
5. Click OK to save changes. Click Done on the Site Definitiondialog box.
6. In the Files panel, click the connect icon to connect to the remote site.
   
   Note: Remember to exit the SSH session when the desired FTP file transfer is complete. If the SSH session has not been terminated, an active connection with the SSH server will still exist. To end the SSH session, type "exit" in the MacSSH window.

Troubleshooting a potential FTP error message

When you attempt to transfer files through an SSH tunnel, the following error message may appear:

 An FTP error occurred - cannot get remote folder information. 425 possible PASV port theft, cannot open data connection. 

This error is common and occurs due to restrictions on the FTP server. To prevent this error, consult the FTP server configuration instructions or consult with the Server Administrator or ISP. Configuration will differ depending on the FTP server software used:

• If you are using the ProFTPD FTP server, add the "AllowForeignAddress on" directive to the Virtual Address section of the configuration file.
• If you are using the WU-FTPD FTP server, add the following lines to the configuration file:
  pasv-allow all + valid IP address
  port-allow all + valid IP address
• If you are using another FTP server, please consult configuration documentation or speak to your Server Administrator or ISP.

Additional Information

---

To learn more about secure file transfer options, please see:

• SSH and SSL encryption for FTP connections (TechNote tn_16159)
• Creating an SSH tunnel secure authentication (Windows) (TechNote tn_16126)

For more information about setting up the Dreamweaver FTP client, please refer to Setting up Dreamweaver's FTP connection (TechNote tn_14787).

Third party links
Although links to external websites are provided as a resource, the websites are not part of Macromedia. Please see the Macromedia policy regarding links to third party websites in the Legal Notices and Information section. Pages to external websites will open in a new browser window.

Search Support

---