Oh, don't get me started on the confusion between FTP over SSH versus FTP over TLS/SSL let alone ftp over ssh versus sftp. So many vendors and users use ftps or sftp indiscriminately to describe both and neither.
By sftp, I mean ftp over ssh (not tunnelled) as an alternative to scp. I would personally prefer scp to sftp, but that isn't what is being deployed by our peers.

> -----Original Message-----
> From: Randy Carpenter [mailto:rcar...@network1.net]
> Sent: Thursday, February 03, 2011 4:32 PM
> To: Matthew Huff
> Cc: nanog@nanog.org; Valdis Kletnieks
> Subject: Re: quietly....
>
> ----- Original Message -----
> > Well, since ssh is a straight up tcp socket protocol on a well known
> > port with no gimmicks needed like FTP, yeah, I would say it isn't a
> > hack. FTP over TLS/SSL is much worse. In some implementations you can
> > do a non-encrypted control channel and an encrypted data channel, so
> > that a SPI firewall can "hack" it through, but unfortunately a lot of
> > servers and/or clients won't negotiate that correctly and only allow
> > both types of channels to be encrypted, which is not possible to pass
> > through a SPI firewall.
> >
> > There are two other sorta widely implemented secure file transfer
> > protocols, SCP and WebDav over TLS/SSL. Either works fine through a
> > SPI firewall, but the consensus for file transfer (at least over the
> > pub net) within the financial services community appears to be
> > converging to FTP over ssh.
>
> Do you mean sftp, or ftp over an ssh tunnel?
>
> -Randy
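An added illustration of the stateful-inspection point in the quoted message (this is example code, not anything from the thread or from a firewall product): a firewall's FTP helper can only open a pinhole for the data connection if it can read the PORT command or the PASV/EPSV reply on the control channel. When FTPS encrypts the control channel, those lines are TLS records the firewall cannot parse, so the data connection is dropped; the "non-encrypted control channel, encrypted data channel" arrangement is the CCC (Clear Command Channel) command from RFC 2228, after which the control text is readable again. The transcripts and the RFC 5737 documentation addresses below are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Example FTP helper logic for a stateful-inspection firewall.
# Constructed for illustration; not code from the thread or any real product.

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")


@dataclass(frozen=True)
class Pinhole:
    host: str        # endpoint that will accept the data connection
    port: int
    direction: str   # "to_server" (PASV/EPSV) or "to_client" (PORT)


def _decode(h1, h2, h3, h4, p1, p2):
    """Turn the FTP h1,h2,h3,h4,p1,p2 tuple into (ip, port), rejecting junk."""
    port = int(p1) * 256 + int(p2)
    if not 1 <= port <= 65535 or any(int(x) > 255 for x in (h1, h2, h3, h4)):
        raise ValueError("malformed FTP address tuple")
    return ".".join((h1, h2, h3, h4)), port


def inspect_control_line(line: str, client_ip: str, server_ip: str) -> Optional[Pinhole]:
    """Return the pinhole a cleartext control-channel line implies, or None.
    Addresses that name a third host are ignored so the helper never opens a
    hole toward a machine that is not one of the two session endpoints."""
    m = PORT_RE.match(line)
    if m:
        host, port = _decode(*m.groups())
        return Pinhole(host, port, "to_client") if host == client_ip else None
    m = PASV_RE.match(line)
    if m:
        host, port = _decode(*m.groups())
        return Pinhole(host, port, "to_server") if host == server_ip else None
    m = EPSV_RE.match(line)
    if m:
        return Pinhole(server_ip, int(m.group(1)), "to_server")
    return None


def pinholes_for_session(transcript: List[Union[str, bytes]],
                         client_ip: str, server_ip: str) -> List[Pinhole]:
    """Walk a control-channel transcript. str entries are cleartext FTP lines;
    bytes entries stand for TLS records, which the firewall cannot read."""
    holes = []
    for entry in transcript:
        if isinstance(entry, bytes):
            continue                       # ciphertext: nothing to inspect
        hole = inspect_control_line(entry, client_ip, server_ip)
        if hole:
            holes.append(hole)
    return holes


def data_connection_allowed(holes: List[Pinhole], dst_host: str, dst_port: int) -> bool:
    """The data-channel SYN passes only if a matching pinhole was opened."""
    return any(h.host == dst_host and h.port == dst_port for h in holes)


CLIENT, SERVER = "192.0.2.10", "198.51.100.20"   # RFC 5737 documentation addresses

# Constructed transcripts (not captured traffic).
PLAIN_FTP = ["USER alice", "PASV",
             "227 Entering Passive Mode (198,51,100,20,195,80)"]       # 195*256+80 = 50000
FTPS_ENCRYPTED_CONTROL = ["AUTH TLS", "234 Proceed",
                          b"\x17\x03\x03\x00\x2a...",                  # PASV, under TLS
                          b"\x17\x03\x03\x00\x31..."]                  # 227 reply, under TLS
FTPS_CCC = ["AUTH TLS", "234 Proceed", b"\x17\x03\x03...",            # PBSZ/PROT P under TLS
            "CCC", "200 Control channel cleared",                     # control back to cleartext
            "PASV", "227 Entering Passive Mode (198,51,100,20,195,81)"]  # data still TLS-protected


if __name__ == "__main__":
    for name, t in [("plain-ftp", PLAIN_FTP),
                    ("ftps-encrypted-control", FTPS_ENCRYPTED_CONTROL),
                    ("ftps-ccc", FTPS_CCC)]:
        holes = pinholes_for_session(t, CLIENT, SERVER)
        print(name, [(h.host, h.port, h.direction) for h in holes])
```

The helper here only ever decides based on what it can read on the control channel, which is the whole point: SFTP and SCP need no such helper because they run inside one SSH TCP connection on a single well-known port, while FTPS with an encrypted control channel leaves the firewall with nothing to parse.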