- Subject: quietly....
- From: rcarpen at network1.net (Randy Carpenter)
- Date: Thu, 3 Feb 2011 16:31:43 -0500 (EST)
- In-reply-to: <[email protected]>
----- Original Message -----
> Well, since ssh is a straight up tcp socket protocol on a well-known
> port with no gimmicks needed like FTP, yeah, I would say it isn't a
> hack. FTP over TLS/SSL is much worse. In some implementations you can
> do a non-encrypted control channel and an encrypted data channel, so
> that a SPI firewall can "hack" it through, but unfortunately a lot of
> servers and/or clients won't negotiate that correctly and only allow
> both types of channels to be encrypted which is not possible to pass
> through a SPI firewall.
> There are two other sorta widely implemented secure file transfer
> protocols, SCP and WebDAV over TLS/SSL. Either works fine through a
> SPI firewall, but the consensus for file transfer (at least over the
> pub net) within the financial services community appears to be
> converging to FTP over ssh.
Do you mean sftp, or ftp over an ssh tunnel?
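
An added example, not part of the original messages: a sketch of what a stateful firewall's FTP helper does with the control channel, showing why the encrypted-control case quoted above cannot be passed through while the cleartext-control case can. The function name, sample captures, addresses and ports are all constructed for illustration; the "opaque" bytes stand in for TLS records and are not real ciphertext.

```python
import re

# Control-channel messages that announce the data-connection endpoint.
# A stateful firewall helper must read these to open a matching pinhole.
PASV_RE = re.compile(rb"^227 [^\r\n(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", re.M)
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$", re.M)
EPSV_RE = re.compile(rb"^229 [^\r\n(]*\(\|\|\|(\d+)\|\)", re.M)

def expected_data_endpoints(control_bytes, server_ip):
    """Return the (ip, port) pairs a helper could learn from these bytes."""
    endpoints = []
    for rx in (PASV_RE, PORT_RE):
        for m in rx.finditer(control_bytes):
            h = [int(x) for x in m.groups()]
            if all(v <= 255 for v in h):
                # Port is sent as two octets: high * 256 + low.
                endpoints.append((".".join(map(str, h[:4])), h[4] * 256 + h[5]))
    for m in EPSV_RE.finditer(control_bytes):
        port = int(m.group(1))
        if 0 < port < 65536:
            # EPSV carries only a port; the address is the control peer's.
            endpoints.append((server_ip, port))
    return endpoints

SERVER = "192.0.2.10"  # constructed documentation address

# Constructed capture 1: plain FTP, endpoints readable on the wire.
PLAIN = (b"PASV\r\n227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
         b"EPSV\r\n229 Entering Extended Passive Mode (|||50001|)\r\n")

# Constructed capture 2: after AUTH TLS the control channel is opaque,
# so the PASV exchange inside it is invisible to the firewall.
OPAQUE = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(128, 160))
FTPS = b"AUTH TLS\r\n234 Proceed with negotiation\r\n" + OPAQUE

# Constructed capture 3: control channel returned to cleartext after login
# (the CCC command of RFC 4217), while the data channel stays encrypted.
CLEARED = FTPS + b"PASV\r\n227 Entering Passive Mode (192,0,2,10,195,82)\r\n"

if __name__ == "__main__":
    for name, cap in (("plain", PLAIN), ("ftps", FTPS), ("cleared", CLEARED)):
        print(name, expected_data_endpoints(cap, SERVER))
```

SFTP and SCP need no such helper because everything runs inside the single SSH connection on one port.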