I have a machine A.
From it, I can SSH to machine B.
Machine B can FTP to machine C.
I want to download files from C, onto A.
I do not have access from A to C directly.
Port 20 and 21
âââââ âââââ FTP Control âââââââââââââââââââ
â â SSH â ââââââââââââââââââºâ â
â A ââââââºâ B â â C - with files â
â â â ââââââââââââââââââºâ I want â
âââââ âââââ FTP data â â
Random ports âââââââââââââââââââ
I know there's a million questions on this site about SFTP.
As far as I can tell, this is not the same as SFTP.
With SFTP it seems the SSH server must be the same server that has the files to be downloaded, which is not the problem here.
Is this correct? Or is there any way to do this with a simple SFTP command and some additional arguments?
Are there any easy ways to do this?
The files are large, and the disk and memory on B is tiny, so if possible I'd like to stream the data straight through. (Compared to doing a two-step FTP download onto the disk of B.)
In general SSH can tunnel anything. But apparently FTP uses more than just port 20 and 21. It uses a whole bunch of random and unpredictable ports, new ones for each file operation. The possible range of such FTP ports is so large that with one client I tried, I wasn't able to just port-forward the whole range with SSH.
(Note that I'm trying passive FTP, where all network connections are initiated from client the server. As opposed to active FTP where C would initiate a connection back to B, which isn't possible because of a NAT between them.)
I've tried to write a script in python hacking together the FTP standard library and a 3rd-party SSH tunnel library. It's a pretty convoluted and janky solution, that results in me openning up a new port for every new file, but never closing it. Also a recent upgrade to one library broke some dependencies so now the script doesn't work with the latest version of these libraries. I'm tempted to re-write the solution with the underlying Paramiko library. But I fear that's a deep rabbit-hole. This stuff is really fiddly. (Let me know if you need to see my attempt. I'm trying to omit it to avoid the X/Y problem.)
Is there a simpler way to do this tunneling?
I would prefer a solution with Python, but at this point I'm desperate enough to use any tool.