----- Original Message -----
> Well, since ssh is a straight up tcp socket protocol on a well-known
> port with no gimmicks needed like FTP, yeah, I would say it isn't a
> hack. FTP over TLS/SSL is much worse. In some implementations you can
> do a non-encrypted control channel and an encrypted data channel, so
> that a SPI firewall can "hack" it through, but unfortunately a lot of
> servers and/or clients won't negotiate that correctly and only allow
> both types of channels to be encrypted, which is not possible to pass
> through a SPI firewall.
>
> There are two other sorta widely implemented secure file transfer
> protocols, SCP and WebDAV over TLS/SSL. Either works fine through a
> SPI firewall, but the consensus for file transfer (at least over the
> pub net) within the financial services community appears to be
> converging to FTP over ssh.

Do you mean sftp, or ftp over an ssh tunnel?

-Randy