----- Original Message -----
Well, since ssh is a straight up tcp socket protocol on a well know port with no gimmicks needed like FTP, yeah, I would say it isn't a hack. FTP over TLS/SSL is much worse. In some implementations you can do an non-encrypted control channel and an encrypted data channel, so that a SPI firewall can "hack" it through, but unfortunately a lot of servers and/or clients won't negotiate that correctly and only allow both type of channels to be encrypted which is not possible to pass through a SPI firewall.
There are two other sorta widely implemented secure file transfer protocols, SCP and WebDav over TLS/SSL. Either works fine through a SPI firewall, but the consensus for file transfer (at least over the pub net) within the financial services community appears to be converging to FTP over ssh.
Do you mean sftp, or ftp over an ssh tunnel? -Randy