Secure FTP via SSH Tunnel
The Secure FTP server has to be running OpenSSH, which accepts ssh1 and ssh2, and also needs to be running ftpd, the "normal" FTP daemon (more on this later). The Secure FTP client calls to the Secure FTP server on its SSH port. The server then connects internally to port 21, the FTP port, and tunnels the FTP data back across the SSH port to the client. To ensure the server is totally secure, you need to firewall off port 21 from outside access, only allowing the local host to connect to port 21. This is accomplished by either ipfw (firewalling) or tcpwrappers (under Unix, the hosts.allow file).
The link for this article located at 8wire is no longer available.