RE: Help - SFTP port 22

  • From: Alexandre Gauthier <gauthiera@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Oct 2005 10:18:30 -0400

Well, basically, as I have stated, SCP and SFTP just execute commands on the
remote side and pipe you the output through the established tunnel. (And SCP
is a bit of an ugly hack, at base).

If you see an SSH tunnel as a horrible security issue from a firewall admin
point of view, well then you might as well see IPSEC, PPTP and VPNs in
general as a security issue as well.

SSH is not Telnet on steroids, it's much more powerful, just keep that in
mind. I do use it to "bypass" the firewall here to connect to my mail server
at home by binding port 25 to my local machine here, then connecting to
that.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: October 6, 2005 09:43
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org

Hi Alexander,

If everything is sent and received over an encrypted tunnel (a horrible
security issue from a firewall admin's point of view) over a single session,
then there are no secondary protocols and it should just work allowing a
primary connection outbound on TCP port 22.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] 
> Sent: Thursday, October 06, 2005 8:34 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
> 
> *shy cough from the Unix guy in background*
> 
> Uhm, I do not mean to intrude but they basically are the same, they go
> through an SSH tunnel.
> 
> SFTP is not more secure than SCP or vice-versa, they are only as secure as
> SSH itself. (Which means, it's fine. Basically.)
> 
> They just use different interfaces, but they "work" the same, which is
> inside an SSH tunnel. SFTP is just designed to "look and taste" like an FTP
> server to the end user, but it is not dual port or anything either, it is
> just a matter of what application you call on the other end of the SSH
> connection. ISA would see both protocols as the same, from its point of
> view.
> 
> And in any case... winSCP3 uses SFTP by default with fallback to SCP if that
> craps out. It's made like this because sometimes administrators will disable
> one or the other in /etc/ssh/sshd_config for various reasons.
> 
> Basically all you need to do is allow SSH (which means outgoing connection
> to port 22 on destination machine(s) (or the internet)) and you are set.
> That's what I did here, and it works wonderfully, I can toss and fetch files
> from my Linux box at home in a really really strange fashion involving
> tunneling SSH inside SSH to reach a machine behind my NAT ;)
> 
> 
> Greg, I think you are confusing SFTP with FTPS, perhaps...
> 
> SSH is such a great protocol, it is a shame the OpenSSH implementation
> doesn't work fully on Windows Server 2003 yet. (At least last time I
> checked). With the venue of MSH, it will be even more useful... 
> 
> (And don't you love tunneling clear-text protocols through SSH? You can use
> it as a "poor man's VPN" also.)
> 
> 
> OH and FYI, ISA *does* support some amount of FTPS, it depends on whether it is
> implicit or explicit, I believe... (I.E. SSL on port 21 instead of on a
> dedicated port).
> 
> Now of course if you're talking about the FTP application filter ... Seeing
> how braindead the FTP client in Windows is, I don't doubt it is not
> supported :)
> 
> 
> 
> -----Original Message-----
> From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: October 6, 2005 02:06
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
> 
> Noel
> 
> What are you trying to achieve? My guess is you are trying to dump files
> to a Linux box or a Windows box running an SSH server, behind the ISA
> firewall. Instead of using SFTP, try using SCP. It's a more secure
> protocol. See if that works the same.
> 
> Greg
> 
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Thursday, 6 October 2005 3:05 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
> 
> SFTP uses TCP:989 & TCP:990; SSH uses TCP:22.
> Which is it that you think you're using?
> 
> No; ISA does not support FTPS.
> 
> -----Original Message-----
> From: Noel [mailto:noel.callander@xxxxxxx]
> Sent: Wednesday, October 05, 2005 5:19 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Help - SFTP port 22
> 
> Question:
> Is SFTP supported by ISA2000EE? I can't seem to get it to work. I have
> opened port 22 on the ISA server but it still fails. Is there anything
> else that needs to be configured? I am using the winscp375 GUI on the XP
> workstation.
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
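Added example (not part of the original thread): before writing the firewall rule, a quick way to tell which protocol actually answers on a port is to look at the first bytes the server sends. An SSH server, which carries both SFTP and SCP on one connection, announces itself with an identification string, while an FTP server sends a 220 greeting on a control channel. The function names and sample banners below are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")
# FTP greeting (RFC 959): reply code 220, then space or hyphen (multi-line)
FTP_GREETING = re.compile(rb"^220[ -]")


def classify_banner(data: bytes) -> dict:
    """Classify the first bytes a server sends on a new TCP connection."""
    if not data:
        # TLS-wrapped services such as implicit FTPS wait for the client's
        # ClientHello, so they send nothing until the client speaks.
        return {"protocol": "silent", "connections": None}
    for line in data.splitlines():
        m = SSH_ID.match(line)
        if m:
            # SFTP and SCP are both carried inside this one SSH connection.
            return {"protocol": "ssh", "version": m.group(1).decode(),
                    "software": m.group(2).decode(), "connections": "single"}
        if FTP_GREETING.match(line):
            # FTP control channel; file data travels on a second connection.
            return {"protocol": "ftp", "connections": "control+data"}
    return {"protocol": "unknown", "connections": None}


def read_banner(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return what the server sends first, or b"" if it stays silent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256)
        except socket.timeout:
            return b""


# Constructed sample banners (not captured from any host in the thread).
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_4.2\r\n",
    "ssh_with_preamble": b"Authorized use only\r\nSSH-1.99-Example_1.0 lab\r\n",
    "ftp": b"220 FTP server ready.\r\n",
    "implicit_tls": b"",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_banner(raw))
```

To check a server you administer, pass the result of `read_banner(host, port)` to `classify_banner`.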

