RE: Help - SFTP port 22

  • From: Alexandre Gauthier <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Oct 2005 12:32:46 -0400

If you read my post again, you will notice I wrote SFTP and not FTPS. FTPS
has nothing to do with SSH whatsoever.

FTPS and SFTP are two different things, one is FTP+SSL, the other is a
custom handler running on the remote end of an SSH tunnel that can be used
from the command line in the same fashion as an FTP server.

Thank you for reading all my post. :)

-----Message d'origine-----
De : Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Envoyé : 6 octobre 2005 12:13
À : [ISAserver.org Discussion List]
Objet : [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org

Nope; FTPS is not SSH and SSH is not FTPS.
Just because you have an app that uses SSH and refers to it as FTPS does not
make it so.
RFCs are different; L4+ behavior is different.

-----Original Message-----
From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] 
Sent: Thursday, October 06, 2005 6:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org

*shy cough from the Unix guy in background*

Uhm, I do not mean to intrude but they basically are the same, they go
through an SSH tunnel.

SFTP is not more secure than SCP or vice-versa, they are only as secure as
SSH itself. (Which means, it's fine. Basically.)

They just use different interfaces, but they "work" the same, which is
inside an SSH tunnel. SFTP is just designed to "look and taste" like an FTP
server to the end user, but it is not dual port or anything either, it is
just a matter of what application you call on the other end of the SSH
connection. ISA would see both protocols as the same, from its point of
view.

And in any case... winSCP3 uses SFTP by default with fallback to SCP if that
craps out. It's made like this because sometime administrators will disable
one or the other in /etc/ssh/sshd_config for various reasons.

Basically all you need to do is allow SSH (which means outgoing connection
to port 22 on destination machine(s) (or the internet) and you are set.
That's what I did here, and it works wonderfully, I can toss and fetch files
from my Linux box at home in a really really strange fashion involving
tunneling SSH inside SSH to reach a machine behind my NAT ;)


Greg, I think you are confusing SFTP with FTPS, perhaps...

SSH is such a great protocol, it is a shame the OpenSSH implementation
doesn't work fully on Windows Server 2003 yet. (At least last time I
checked). With the venue of MSH, it will be even more useful... 

(And don't you love tunneling clear-text protocols through SSH? You can use
it as a "poor man's VPN" also.)


OH and FYI, ISA *does* support some amount of FTPS, it depends of it is
implicit or explicit, I believe... (I.E. SSL on port 21 instead of on a
dedicated port).

Now of course if you're talking about the FTP application filter ... Seeing
how braindead the FTP client in windows is, I don't doubt it is not
supported :)



-----Message d'origine-----
De : Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx] 
Envoyé : 6 octobre 2005 02:06
À : [ISAserver.org Discussion List]
Objet : [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org


Noel

What are you trying to achieve. My guess is you are trying to dump files
to a linux box or a windows box running an ssh server, behind the ISA
firewall. Instead of using SFTP, try using SCP. It's a more secure
protocol. See if that works the same.

Greg


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]

Sent: Thursday, 6 October 2005 3:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org

SFTP uses TCP:989 & TCP:990; SSH uses TCP:22.
Which is it that you think you're using?

No; ISA does not support FTPS.

-----Original Message-----
From: Noel [mailto:noel.callander@xxxxxxx]
Sent: Wednesday, October 05, 2005 5:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Help - SFTP port 22

http://www.ISAserver.org

question
is SFTP supported by ISA2000EE, i cant seem to get it to work i have
opened port 22 on the ISA server but it still fails. is there anything
else that needs to be configurd.i am using the winscp375 gui on the XP
workstation.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx














All mail to and from this network has been scanned for viruses

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gauthiera@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


Other related posts: