Well, basically, as I have stated, SCP and SFTP just execute commands on the remote side and pipe you the output through the established tunnel. (And SCP is a bit of an ugly hack, at base).

If you see an SSH tunnel as a horrible security issue from a firewall admin point of view, well then you might as well see IPSEC, PPTP and VPNs in general as a security issue as well.

SSH is not Telnet on steroids, it's much more powerful, just keep that in mind. I do use it to "bypass" the firewall here to connect to my mail server at home by binding port 25 to my local machine here, then connecting to that.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 6 October 2005 09:43
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Help - SFTP port 22

http://www.ISAserver.org

Hi Alexander,

If everything is sent and received over an encrypted tunnel (a horrible security issue from a firewall admin's point of view) over a single session, then there are no secondary protocols and it should just work allowing a primary connection outbound on TCP port 22.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx]
> Sent: Thursday, October 06, 2005 8:34 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
>
> *shy cough from the Unix guy in background*
>
> Uhm, I do not mean to intrude but they basically are the same, they go
> through an SSH tunnel.
>
> SFTP is not more secure than SCP or vice-versa, they are only as secure as
> SSH itself. (Which means, it's fine. Basically.)
>
> They just use different interfaces, but they "work" the same, which is
> inside an SSH tunnel. SFTP is just designed to "look and taste" like an FTP
> server to the end user, but it is not dual port or anything either, it is
> just a matter of what application you call on the other end of the SSH
> connection. ISA would see both protocols as the same, from its point of
> view.
>
> And in any case... winSCP3 uses SFTP by default with fallback to SCP if that
> craps out. It's made like this because sometimes administrators will disable
> one or the other in /etc/ssh/sshd_config for various reasons.
>
> Basically all you need to do is allow SSH (which means outgoing connection
> to port 22 on destination machine(s) (or the internet)) and you are set.
> That's what I did here, and it works wonderfully, I can toss and fetch files
> from my Linux box at home in a really really strange fashion involving
> tunneling SSH inside SSH to reach a machine behind my NAT ;)
>
> Greg, I think you are confusing SFTP with FTPS, perhaps...
>
> SSH is such a great protocol, it is a shame the OpenSSH implementation
> doesn't work fully on Windows Server 2003 yet. (At least last time I
> checked). With the venue of MSH, it will be even more useful...
>
> (And don't you love tunneling clear-text protocols through SSH? You can use
> it as a "poor man's VPN" also.)
>
> OH and FYI, ISA *does* support some amount of FTPS, it depends if it is
> implicit or explicit, I believe... (I.E. SSL on port 21 instead of on a
> dedicated port).
>
> Now of course if you're talking about the FTP application filter ... Seeing
> how braindead the FTP client in Windows is, I don't doubt it is not
> supported :)
>
> -----Original Message-----
> From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: 6 October 2005 02:06
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
>
> Noel
>
> What are you trying to achieve? My guess is you are trying to dump files
> to a linux box or a windows box running an ssh server, behind the ISA
> firewall. Instead of using SFTP, try using SCP. It's a more secure
> protocol. See if that works the same.
>
> Greg
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Thursday, 6 October 2005 3:05 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Help - SFTP port 22
>
> SFTP uses TCP:989 & TCP:990; SSH uses TCP:22.
> Which is it that you think you're using?
>
> No; ISA does not support FTPS.
>
> -----Original Message-----
> From: Noel [mailto:noel.callander@xxxxxxx]
> Sent: Wednesday, October 05, 2005 5:19 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Help - SFTP port 22
>
> Question: is SFTP supported by ISA2000EE? I can't seem to get it to work;
> I have opened port 22 on the ISA server but it still fails. Is there
> anything else that needs to be configured? I am using the winscp375 GUI on
> the XP workstation.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
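
An added example, not part of the thread or of any poster's message: a small Python classifier that tells an SSH server (which carries both SFTP and SCP inside one connection) from an FTP/FTPS control channel by the greeting it sends, which is the distinction the thread turns on. The function name `classify_greeting` and the sample greetings are constructed for illustration.

```python
import re

# RFC 4253 s4.2 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
# FTP reply line: three-digit code, then ' ' (final line) or '-' (multi-line reply)
FTP_REPLY = re.compile(rb"^(\d{3})[ -]")

def classify_greeting(data: bytes) -> dict:
    """Classify the first bytes a server sends once the TCP connection is up."""
    if not data:
        # Nothing sent: the client must speak first, as with implicit TLS (FTPS).
        return {"protocol": "silent", "secondary_connections": None}
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        ssh = SSH_ID.match(line)
        if ssh:
            # SFTP and SCP are both carried inside this one SSH connection.
            return {"protocol": "ssh",
                    "version": ssh.group(1).decode("ascii"),
                    "software": ssh.group(2).decode("ascii", "replace"),
                    "secondary_connections": False}
        ftp = FTP_REPLY.match(line)
        if ftp and ftp.group(1) == b"220":
            # FTP control channel (plain, or FTPS after AUTH TLS): data connections follow.
            return {"protocol": "ftp", "secondary_connections": True}
    return {"protocol": "unknown", "secondary_connections": None}

# Constructed sample greetings (not captured from any real host).
SAMPLES = {
    "sftp-or-scp target": b"SSH-2.0-OpenSSH_4.2\r\n",
    "ssh with pre-banner": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_1.0 demo\r\n",
    "ftp / explicit ftps": b"220-Welcome\r\n220 Example FTP ready\r\n",
    "implicit ftps (tls)": b"",
}

if __name__ == "__main__":
    for name, greeting in SAMPLES.items():
        print(f"{name:22} -> {classify_greeting(greeting)}")
```

A greeting that begins with `SSH-` means a single outbound TCP connection is all the firewall has to permit for SFTP or SCP; a `220` greeting means an FTP-style control channel whose data connections need separate handling.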