quietly....
Well, since ssh is a straight up tcp socket protocol on a well-known port with no gimmicks needed like FTP, yeah, I would say it isn't a hack. FTP over TLS/SSL is much worse. In some implementations you can do a non-encrypted control channel and an encrypted data channel, so that a SPI firewall can "hack" it through, but unfortunately a lot of servers and/or clients won't negotiate that correctly and only allow both types of channels to be encrypted, which is not possible to pass through a SPI firewall.
There are two other sorta widely implemented secure file transfer protocols, SCP and WebDav over TLS/SSL. Either works fine through a SPI firewall, but the consensus for file transfer (at least over the pub net) within the financial services community appears to be converging to FTP over ssh.
> -----Original Message-----
> From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu]
> Sent: Thursday, February 03, 2011 3:36 PM
> To: Matthew Huff
> Cc: Owen DeLong; nanog at nanog.org
> Subject: Re: quietly....
>
> On Thu, 03 Feb 2011 14:39:15 EST, Matthew Huff said:
> > Something like ftp over SSH works well without fixup or NAT issues and is
> > becoming more standard at least in the financial services community.
>
> And having to do it over SSH *isn't* a fixup/hackaround?
>
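Added example, not part of the original message: a minimal sketch of what a stateful firewall's FTP helper does on the control channel, showing why it can open the data-connection pinhole for plain FTP or a cleartext control channel but not once the control channel is inside TLS. The function names, sessions and addresses are constructed for illustration.

```python
import re

# PORT commands and 227 (PASV) replies carry the data endpoint as
# h1,h2,h3,h4,p1,p2 (RFC 959); the port is p1*256 + p2.
FIELDS = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (ip, port) if a control-channel line announces a data connection."""
    if not line.startswith((b"PORT ", b"227 ")):
        return None
    m = FIELDS.search(line)
    if m is None:
        return None
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        return None
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def pinholes(segments):
    """Data endpoints a firewall helper can learn from control-channel payloads."""
    found = []
    for seg in segments:
        for line in seg.split(b"\r\n"):
            ep = data_endpoint(line)
            if ep:
                found.append(ep)
    return found

# Constructed stand-in for a TLS application-data record: opaque to the firewall.
TLS = b"\x17\x03\x03\x00\x20" + bytes(range(128, 160))

# Constructed control-channel captures (documentation addresses).
PLAIN_FTP = [b"USER demo\r\n", b"331 Password required\r\n", b"PASV\r\n",
             b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"]
# Control channel stays encrypted after AUTH TLS: the 227 reply is inside TLS.
FTPS_ENCRYPTED_CONTROL = [b"AUTH TLS\r\n", b"234 Proceed with negotiation\r\n",
                          TLS, TLS, TLS]
# Control channel returned to cleartext after login (e.g. RFC 4217 CCC),
# data channel still encrypted: the 227 reply is readable again.
FTPS_CLEAR_CONTROL = [b"AUTH TLS\r\n", b"234 Proceed with negotiation\r\n",
                      TLS, TLS, b"PASV\r\n",
                      b"227 Entering Passive Mode (192,0,2,10,195,81)\r\n"]

if __name__ == "__main__":
    for name in ("PLAIN_FTP", "FTPS_ENCRYPTED_CONTROL", "FTPS_CLEAR_CONTROL"):
        print(name, pinholes(globals()[name]))
```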