Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia

Securing Plaintext FTP with Transparent FTP Tunneling

Plaintext FTP is an inherently unsecured, but a widely used method of transferring files. SSH Tectia Server for IBM z/OS with its client tools offers an easy way to secure file transfer connections with transparent FTP tunneling. This feature is most useful when the company uses lots of FTP scripts.

Transparent FTP tunneling allows the FTP service to use the existing scripts and applications as they are, so to the users and applications the SSH Tectia FTP tunneling happens transparently. As the existing FTP applications are left running, for example the FTP servers can keep performing all their designated post-processing jobs as earlier.

Transparent FTP tunneling captures the connections that use the FTP protocol and tunnels them in encrypted format via a Secure Shell server to the FTP server. Transparent FTP tunneling can be configured to pick the user name, password and destination host directly from the FTP client, and use them to open the secured communication channel. In the Connection Broker configuration, this is done simply with one rule that can fit all FTP connections.

The users can define connection profiles to perform transparent FTP tunneling of certain connections, or they can request the tunneling per FTP connection on command line.

For end-to-end security, SSH Tectia Server for IBM z/OS should be installed on the same host with the FTP client, and a Secure Shell server should be installed on the same host with the FTP server. If end-to-end security is not required, the FTP server can also reside on a third host.

The FTP server side can be on any platform, Unix, Windows or mainframe. SSH Tectia Server for IBM z/OS works ideally with SSH Tectia products, but supports any SSH2-capable Secure Shell servers.

Transparent FTP tunneling can be used to secure both interactive and unattended FTP sessions. It also provides an option to fall back to plaintext FTP for easier migration.

Transparent FTP tunneling

Figure 5.2. Transparent FTP tunneling

===AUTO_SCHEMA_MARKUP===