If you read my post again, you will notice I wrote SFTP and not FTPS. FTPS has nothing to do with SSH whatsoever. FTPS and SFTP are two different things, one is FTP+SSL, the other is a custom handler running on the remote end of an SSH tunnel that can be used from the command line in the same fashion as an FTP server. Thank you for reading all my post. :) -----Message d'origine----- De : Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Envoyé : 6 octobre 2005 12:13 À : [ISAserver.org Discussion List] Objet : [isalist] RE: Help - SFTP port 22 http://www.ISAserver.org Nope; FTPS is not SSH and SSH is not FTPS. Just because you have an app that uses SSH and refers to it as FTPS does not make it so. RFCs are different; L4+ behavior is different. -----Original Message----- From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Sent: Thursday, October 06, 2005 6:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help - SFTP port 22 http://www.ISAserver.org *shy cough from the Unix guy in background* Uhm, I do not mean to intrude but they basically are the same, they go through an SSH tunnel. SFTP is not more secure than SCP or vice-versa, they are only as secure as SSH itself. (Which means, it's fine. Basically.) They just use different interfaces, but they "work" the same, which is inside an SSH tunnel. SFTP is just designed to "look and taste" like an FTP server to the end user, but it is not dual port or anything either, it is just a matter of what application you call on the other end of the SSH connection. ISA would see both protocols as the same, from its point of view. And in any case... winSCP3 uses SFTP by default with fallback to SCP if that craps out. It's made like this because sometime administrators will disable one or the other in /etc/ssh/sshd_config for various reasons. Basically all you need to do is allow SSH (which means outgoing connection to port 22 on destination machine(s) (or the internet) and you are set. That's what I did here, and it works wonderfully, I can toss and fetch files from my Linux box at home in a really really strange fashion involving tunneling SSH inside SSH to reach a machine behind my NAT ;) Greg, I think you are confusing SFTP with FTPS, perhaps... SSH is such a great protocol, it is a shame the OpenSSH implementation doesn't work fully on Windows Server 2003 yet. (At least last time I checked). With the venue of MSH, it will be even more useful... (And don't you love tunneling clear-text protocols through SSH? You can use it as a "poor man's VPN" also.) OH and FYI, ISA *does* support some amount of FTPS, it depends of it is implicit or explicit, I believe... (I.E. SSL on port 21 instead of on a dedicated port). Now of course if you're talking about the FTP application filter ... Seeing how braindead the FTP client in windows is, I don't doubt it is not supported :) -----Message d'origine----- De : Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx] Envoyé : 6 octobre 2005 02:06 À : [ISAserver.org Discussion List] Objet : [isalist] RE: Help - SFTP port 22 http://www.ISAserver.org Noel What are you trying to achieve. My guess is you are trying to dump files to a linux box or a windows box running an ssh server, behind the ISA firewall. Instead of using SFTP, try using SCP. It's a more secure protocol. See if that works the same. Greg -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, 6 October 2005 3:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Help - SFTP port 22 http://www.ISAserver.org SFTP uses TCP:989 & TCP:990; SSH uses TCP:22. Which is it that you think you're using? No; ISA does not support FTPS. -----Original Message----- From: Noel [mailto:noel.callander@xxxxxxx] Sent: Wednesday, October 05, 2005 5:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] Help - SFTP port 22 http://www.ISAserver.org question is SFTP supported by ISA2000EE, i cant seem to get it to work i have opened port 22 on the ISA server but it still fails. is there anything else that needs to be configurd.i am using the winscp375 gui on the XP workstation. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this network has been scanned for viruses ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx