Despite its popularity, the venerable FTP protocol can be difficult to implement securely. With traditional FTP, userids, passwords, and data are sent in the clear over the network. FTPS (FTP over SSL or TLS) is one solution, but can be difficult to implement in the presence of some firewalls and NAT routers since FTP creates separate data connections to dynamically determined ports. SFTP, part of the SSH protocol stack, is an alternative but conversion of existing jobs and systems from FTP to SFTP can be costly.
The Co:Z FTP-SSH Proxy is another alternative: it implements FTP over SSH without SFTP. The existing FTP client and server remain unchanged except that the client is configured to use Co:Z FTP-SSH as a SOCKS5 proxy. Co:Z FTP-SSH dynamically proxies FTP connections over SSH to an SSHD server running on the target host. The required client changes can be made without affecting existing FTP jobs or scripts. In addition, since all connections between the client and server are tunneled through a single secure SSH connection, the firewall and NAT router difficulties that commonly plague FTPS (FTP over SSL or TLS) are avoided.