nanog mailing list archives
Re: quietly....
From: Randy Carpenter <rcarpen () network1 net>
Date: Thu, 3 Feb 2011 16:31:43 -0500 (EST)
----- Original Message -----
Well, since ssh is a straight up tcp socket protocol on a well know port with no gimmicks needed like FTP, yeah, I would say it isn't a hack. FTP over TLS/SSL is much worse. In some implementations you can do an non-encrypted control channel and an encrypted data channel, so that a SPI firewall can "hack" it through, but unfortunately a lot of servers and/or clients won't negotiate that correctly and only allow both type of channels to be encrypted which is not possible to pass through a SPI firewall. There are two other sorta widely implemented secure file transfer protocols, SCP and WebDav over TLS/SSL. Either works fine through a SPI firewall, but the consensus for file transfer (at least over the pub net) within the financial services community appears to be converging to FTP over ssh.
Do you mean sftp, or ftp over an ssh tunnel? -Randy
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Simon Perreault (Feb 03)
- Re: quietly.... Matthew Palmer (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Valdis . Kletnieks (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Valdis . Kletnieks (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Randy Carpenter (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Matthew Palmer (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Valdis . Kletnieks (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... Valdis . Kletnieks (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... Lamar Owen (Feb 03)
- Re: quietly.... Mark Andrews (Feb 03)