The SSH Tectia client/server solution allows organizations to replace plaintext file transfer protocol (FTP) connections with secure file transfers in cross-platform environments. File transfers can be secured by applying the Secure File Transfer Protocol (SFTP) instead of FTP, or by using tunnels that encrypt the connection from the FTP client to the FTP server.
The third-generation high-performance Secure Shell protocol implementation, SSH G3, provides unparalleled SFTP throughput and scalability, eliminating processing bottlenecks and helping to meet critical deadlines.
The SSH Tectia client/server solution offers three methods for FTP replacement as illustrated in Figure 2.3:
An unsecured FTP connection is shown in red. If this is used, user IDs, passwords and the actual transferred data are sent in plaintext, which makes them vulnerable to eavesdropping and unathrorized modifications.
SSH Tectia products use the following methods to make file transfers secure:
The secure file transfer protocol (SFTP) transfers the files and the related control data in encrypted format. SFTP can be activated by using the
scpg3tools, or the SSH Tectia file transfer GUI (on Windows) instead of the unsecured
SSH Tectia Client or ConnectSecure provides the SFTP functionality and connects to any Secure Shell SFTP server. Both the original FTP client and FTP server can be eliminated.
Connections from the original FTP client are transparently captured by SSH Tectia Server for IBM z/OS, converted to SFTP, and directed to a Secure Shell SFTP server. No changes to the original FTP client application are needed, and it can remain being used as before. The original FTP server, however, is eliminated.
This feature is available with SSH Tectia ConnectSecure and SSH Tectia Server for IBM z/OS (client tools) on all supported platforms and requires a Secure Shell server as the counterpart.
For more information, see FTP-SFTP Conversion.
Transparent FTP tunneling
Transparent FTP tunneling creates a secure tunnel between an FTP client and an FTP server. All material is sent in encrypted format and so secured from eavesdropping. This feature is available with SSH Tectia ConnectSecure and SSH Tectia Server for IBM z/OS (client tools).
For more information, see Transparent FTP Tunneling.
The SSH Tectia client/server solution supports also non-transparent FTP tunneling on both SSH Tectia Client and ConnectSecure. Non-transparent FTP tunneling can be implemented as SOCKS tunnels defined in the SSH Tectia connection profiles, or as automatic tunnels defined in the Connection Broker configuration.