skaven

SSH is not the only protocol that can be tunneled. The linux TCP stack has support for tunneling over an arbitrary pair of ports; it's just a matter of setting it up. Obviously tunneling through an SSH *session* is more secure, but it is definitely possible to instruct linux to pipe data from a shell process out an arbitrary TCP port, then receive that data on the other end from another arbitrary TCP port. Just because you'd be using the FTP *port* doesn't mean you're limited to the FTP *protocol*.

Hell, if you have FTP access, that implies that port 21 is open, in which case why not just run your ssh daemon on port 21 on both machines? There's no rule saying it has to be on port 22.