I've been looking at a both openssh and couple of commercial SSH
implementations(F-Secure and ssh comm.).

The one thing I see as missing is the "nice-to-have" feature of FTP
specific port forwarding.
The commercial implementations allows a syntax of "-L
ftp/:..." which does some "automagical" forwarding of the
data channel "under the hood"

I don't know if it has been discussed before but I saw someone submit
a" quote, "quick and dirty" patch to implement a basic functionality
of this.
The person seemed willing to clean it up if there was any interest to
include it in the codebase.

I know there's the always the sftp way instead of FTP over SSH,
however in the cases where secure communication is needed for "AS-IS"
systems this would be a nice to have feature.
I've previously used wu-ftpd where I've set "passive address" and
"passive ports" in ftpaccess file, and set up tunnels for all the
passive ports. However the maintenance gets horrendus in the long
term. And getting lots of "425: address already in use" errors when
the port range is not big enough.

Just a thought

Henrik Bentel

openssh-unix-dev mailing list