Ports, sometimes loosely called channels, are an important part of data transmission over the internet. Different programs use different ports to communicate with servers, which makes ports vital to how services are reached.
In this article, we're looking at which port SFTP (SSH File Transfer Protocol) uses. We'll also be looking at how you can change this port to make your server a bit more secure.
What is SFTP?
SFTP is a protocol for transferring files between two machines over an encrypted connection. The protocol also allows users to perform a range of file management operations on the remote side.
SFTP is essentially a more secure version of FTP. It has the functionality and versatility of FTP but runs over an encrypted connection. It's a subsystem of SSH and hence provides the same level of security as SSH itself.
What port does SFTP use?
By default, SFTP uses port 22 as compared to FTP’s port 21.
Note that SFTP uses a single port for all communications. This gives it an edge over FTP and FTPS, especially when you're dealing with strict firewalls.
To send files, FTP has to open additional data channels dynamically; the server and client negotiate these ports automatically. While this works, it poses a serious security threat, as each of these open ports is another potential entry point for an attacker and each must be allowed through the firewall.
How to change the SFTP port?
If you're going to be using your SFTP server in a public environment, changing your SFTP port can help add an extra layer of security to your network. Ports are essentially gateways and can be used by attackers to gain access to your system.
The default ports for many popular protocols like SFTP are very well known and are the first point of attack when your system is being breached. In such cases, running your protocols on different ports can help stall an attacker. Bear in mind that this mainly cuts down on automated scanning noise; it is not a substitute for key-based authentication and keeping the SSH server patched.
In Linux, the port range 1-1024 is reserved for well-known protocols and can only be bound by the root user. You can use any port between 1-1024 for SFTP, but it's recommended that you pick a port number greater than 1024.
In the following steps, we're going to change our SFTP port to 4444.
Step 1: Let's start by opening the new port through our firewall. On Ubuntu, the default firewall is UFW; use the following command to allow the port.
sudo ufw allow 4444/tcp
If you’re on CentOS, you’ll be working with FirewallD. Use the following commands to open the port.
sudo firewall-cmd --permanent --zone=public --add-port=4444/tcp
sudo firewall-cmd --reload
You'll also have to update the SELinux port policy so that sshd is allowed to bind the new port; otherwise the daemon will fail to start after the change.
sudo semanage port -a -t ssh_port_t -p tcp 4444
On any other Linux distro that runs iptables, use this command to open the new port. Note that a plain iptables rule is not persistent across reboots unless you save it with your distro's iptables-save mechanism.
sudo iptables -A INPUT -p tcp --dport 4444 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Step 2: Now we need to edit the SSH daemon configuration file, sshd_config, in the /etc/ssh/ directory (not ssh_config, which configures the SSH client). Use the following command to open the file.
sudo nano /etc/ssh/sshd_config
Step 3: Search for the line starting with Port 22. Generally, this line is commented out with a #. Remove the # and replace 22 with the port we picked, so the line reads Port 4444.
Step 4: Restart the SSH service for the changes to take effect.
sudo systemctl restart ssh
If you're on CentOS, use this command.
sudo systemctl restart sshd
You can verify that the SSH daemon is listening on the new port by typing the following command.
ss -an | grep 4444
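The edit in Step 3 is easy to get wrong by hand (a second Port line, a typo that locks you out). The following POSIX shell helper is an added example, not code from the original article: it rewrites the Port directive in a copy of sshd_config, refuses privileged or invalid port numbers, keeps a .bak copy, and reads back the effective port. The function names (valid_port, set_sshd_port, current_sshd_port) and the sample config text are assumptions made for this example; the config path is a parameter so it can be exercised on a scratch file rather than the live /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the original article. Helpers for changing the
# sshd "Port" directive safely. Requires only POSIX sh, awk, grep, sed, cp.

# valid_port PORT
# Succeed only if PORT is an integer above the privileged range (1024) and
# at most 65535. Picking a port above 1024 is what the article recommends.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# set_sshd_port CONFIG PORT
# Replace the first "Port N" or commented "#Port N" line in CONFIG with
# "Port PORT"; append one if the file has no Port line at all. Keeps a
# CONFIG.bak copy so the change can be reverted. Only the first matching
# line is rewritten, so an existing multi-Port setup is not duplicated.
set_sshd_port() {
    cfg="$1"
    port="$2"
    valid_port "$port" || { echo "refusing port '$port'" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such config: $cfg" >&2; return 1; }
    cp "$cfg" "$cfg.bak" || return 1
    tmp="$cfg.tmp.$$"
    # sshd keywords are case-insensitive, so match Port/port alike.
    awk -v p="$port" '
        !done && $0 ~ /^[[:space:]]*#?[[:space:]]*[Pp]ort[[:space:]]+[0-9]+/ {
            print "Port " p
            done = 1
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# current_sshd_port CONFIG
# Print the effective Port from CONFIG (last uncommented Port line wins);
# print 22 when none is set, which is sshd's compiled-in default.
current_sshd_port() {
    p=$(sed -En 's/^[[:space:]]*[Pp]ort[[:space:]]+([0-9]+).*/\1/p' "$1" | tail -n 1)
    echo "${p:-22}"
}

# Real usage, run as root, after opening the port in the firewall:
#   set_sshd_port /etc/ssh/sshd_config 4444
#   sshd -t            # syntax-check the file BEFORE restarting
#   systemctl restart ssh   # or sshd on CentOS
# Keep the existing session open until a second login on the new port works.
```

The sshd -t check in the usage comment is the step worth never skipping: it validates the file without restarting, so a typo cannot leave you with a daemon that refuses to start and a server you can no longer reach.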
Using the new SFTP port
To use the new SFTP port, invoke the sftp command along with the -P flag to explicitly specify the port.
sftp -P 4444 username@public-ip
If you're using a graphical SFTP client like FileZilla, replace the old port number with the new one in the site's connection settings.
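Since sftp runs over ssh, it also honours the client configuration in ~/.ssh/config, so the port only needs to be written down once. The following Host entry is an added example, not part of the original article; the alias "files" and the address public-ip are placeholders.

```text
# ~/.ssh/config (added example; "files" and public-ip are placeholders)
Host files
    HostName public-ip
    Port 4444
    User username
```

With this in place, plain "sftp files" (and "ssh files") connects on port 4444 without the -P flag, which also avoids typing the wrong port later when the default has been changed on several servers.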